Windows Analysis Report
DRMS_Tender_No._P500-2023-102.exe

Overview

General Information

Sample Name:DRMS_Tender_No._P500-2023-102.exe
Analysis ID:1330490
MD5:2e450823db1430464efb84f8074cc84f
SHA1:88c86734e5de9f22154ca8c55cd141b2068e922f
SHA256:50e8e741266264cb161b567f8dbcd65bf8cdcfea296c9807dc00a9cae853b8fe
Tags:exe

Detection

Predator
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Sigma detected: Scheduled temp file as task from temp location
Antivirus detection for URL or domain
Yara detected Predator
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
.NET source code references suspicious native API functions
Machine Learning detection for sample
.NET source code contains potential unpacker
Yara detected Generic Downloader
.NET source code contains method to dynamically call methods (often used by packers)
Machine Learning detection for dropped file
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
May check the online IP address of the machine
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to detect virtual machines (SLDT)
Potential key logger detected (key state polling based)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • DRMS_Tender_No._P500-2023-102.exe (PID: 1824 cmdline: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
    • powershell.exe (PID: 3032 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 3428 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • DRMS_Tender_No._P500-2023-102.exe (PID: 5192 cmdline: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
      • Zip.exe (PID: 2052 cmdline: "C:\Users\user\AppData\Local\Temp\Zip.exe" MD5: 3AFD64484A2A34FC34D1155747DD3847)
  • LUHgPxjH.exe (PID: 5680 cmdline: C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
    • schtasks.exe (PID: 908 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp5038.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • LUHgPxjH.exe (PID: 2688 cmdline: C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
    • LUHgPxjH.exe (PID: 6012 cmdline: C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
  • update_232312.exe (PID: 7240 cmdline: "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start MD5: 2E450823DB1430464EFB84F8074CC84F)
  • update_232312.exe (PID: 7304 cmdline: "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start MD5: 2E450823DB1430464EFB84F8074CC84F)
    • powershell.exe (PID: 7464 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7500 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp866B.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • update_232312.exe (PID: 7648 cmdline: C:\Users\user\AppData\Local\Temp\update_232312.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
  • update_232312.exe (PID: 7980 cmdline: "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start MD5: 2E450823DB1430464EFB84F8074CC84F)
  • update_232312.exe (PID: 8020 cmdline: "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start MD5: 2E450823DB1430464EFB84F8074CC84F)
    • powershell.exe (PID: 8100 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 8136 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp9EC5.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • update_232312.exe (PID: 5636 cmdline: C:\Users\user\AppData\Local\Temp\update_232312.exe MD5: 2E450823DB1430464EFB84F8074CC84F)
  • cleanup
Name: HawkEye Keylogger, Predator Pain
Description: HawKeye is a keylogger that is distributed since 2013. Discovered by IBM X-Force, it is currently spread over phishing campaigns targeting businesses on a worldwide scale. It is designed to steal credentials from numerous applications but, in the last observed versions, new "loader capabilities" have been spotted. It is sold by its development team on dark web markets and hacking forums.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.hawkeye_keylogger
{"C2 url": "http://www.biopharmzpharma.com/Maxwhite/"}
Source | Rule | Description | Author | Strings
0000000D.00000002.3901670213.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Predator | Yara detected Predator | Joe Security |
00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Predator | Yara detected Predator | Joe Security |
00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(13 more entries not shown)

Source | Rule | Description | Author | Strings
0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack | JoeSecurity_Predator | Yara detected Predator | Joe Security |
0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack | INDICATOR_SUSPICIOUS_EXE_References_VPN | Detects executables referencing many VPN software clients. Observed in infosteslers | ditekSHen | see below
  • 0x1c54a:$s1: \Vpn\NordVPN
  • 0x203fa:$s2: \VPN\OpenVPN
  • 0x20468:$s3: \VPN\ProtonVPN
24.2.update_232312.exe.465ae8.1.raw.unpack | JoeSecurity_Predator | Yara detected Predator | Joe Security |
(37 more entries not shown)

                    Persistence and Installation Behavior

                    Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe, ParentImage: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe, ParentProcessId: 1824, ParentProcessName: DRMS_Tender_No._P500-2023-102.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp, ProcessId: 3428, ProcessName: schtasks.exe
                    No Snort rule has matched

                    AV Detection

                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, Malware Configuration Extractor: Predator {"C2 url": "http://www.biopharmzpharma.com/Maxwhite/"}
                    Source: DRMS_Tender_No._P500-2023-102.exe, ReversingLabs: Detection: 78%
                    Source: DRMS_Tender_No._P500-2023-102.exe, Virustotal: Detection: 71%
                    Source: http://www.biopharmzpharma.com/Maxwhite/, Avira URL Cloud: Label: malware
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 1824, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 5192, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: LUHgPxjH.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: update_232312.exe PID: 7648, type: MEMORYSTR
                    Source: http://www.biopharmzpharma.com/Maxwhite/, Virustotal: Detection: 15%
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe, ReversingLabs: Detection: 42%
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe, Virustotal: Detection: 60%
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe, ReversingLabs: Detection: 78%
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe, Virustotal: Detection: 71%
                    Source: DRMS_Tender_No._P500-2023-102.exe, Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe, Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe, Joe Sandbox ML: detected
                    Source: DRMS_Tender_No._P500-2023-102.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: DRMS_Tender_No._P500-2023-102.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: RvC:\Windows\dll\mscorlib.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3982734245.0000000007116000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\wHPoHSZYYg\src\obj\Debug\OGms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, LUHgPxjH.exe.0.dr
                    Source: Binary string: System.Windows.Forms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: mscorlib.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Windows.Forms.pdbt source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\wHPoHSZYYg\src\obj\Debug\OGms.pdbd source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, LUHgPxjH.exe.0.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3888195272.00000000013A6000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \gom_v_4.0\Zip\Zip\obj\Debug\Zip.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003309000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000000.1489950411.0000020AB6308000.00000002.00000001.01000000.00000010.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Zip.exe.7.dr
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdbH; source: update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Windows.Forms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064EC000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: c:\Temp\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: DRMS_Tender_No._P500-2023-102.exe, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.4000726988.00000000093F2000.00000002.00000001.01000000.0000000F.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1702876054.0000000004659000.00000004.00000800.00020000.00000000.sdmp, Newtonsoft.Json.dll.7.dr, Newtonsoft.Json.dll0.7.dr
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 00000008.00000002.1491644409.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 0000001D.00000002.1697902719.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdbX source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp

                    Networking

                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE
                    Source: global traffic, HTTP traffic detected: GET /json/ HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: global traffic, HTTP traffic detected: GET /json/ HTTP/1.1 Host: ip-api.com
                    Source: Joe Sandbox View, IP Address: 208.95.112.1
                    Source: unknown, DNS query: name: ip-api.com
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1702876054.0000000004659000.00000004.00000800.00020000.00000000.sdmp, Newtonsoft.Json.dll.7.dr, Newtonsoft.Json.dll0.7.dr, String found in binary or memory: http://expression/newtonsoft.json.dll
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.00000000036A6000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003162000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8302000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8354000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8312000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB831D000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8348000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003411000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://ip-api.com
                    Source: update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Zip.exe.7.dr, String found in binary or memory: http://ip-api.com/json/
                    Source: Newtonsoft.Json.dll0.7.dr, String found in binary or memory: http://james.newtonking.com/projects/json
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3989484205.0000000007B4C000.00000004.00000020.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3959916627.000000000735A000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://purl.oen
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003131000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 00000008.00000002.1491644409.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8271000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 0000001D.00000002.1697902719.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003411000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: update_232312.exe, 0000001D.00000002.1719369686.00000000047E6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.biopharmzpharma.com/Maxwhite/
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB837F000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B64000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003445000.00000004.00000800.00020000.00000000.sdmp, info.txt.7.drString found in binary or memory: https://gomorrah.pw
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknown DNS traffic detected: queries for: ip-api.com
                    Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1 Host: ip-api.com
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Code function: 7_2_0D925C51 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,7_2_0D925C51
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Code function: 7_2_0D925C60 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,7_2_0D925C60
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Code function: 24_2_085F9F2B GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,24_2_085F9F2B

                    E-Banking Fraud

                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 1824, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 5192, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: LUHgPxjH.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: update_232312.exe PID: 7648, type: MEMORYSTR

                    System Summary

                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                    Source: DRMS_Tender_No._P500-2023-102.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08537D0813_2_08537D08
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08535EF013_2_08535EF0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_085389B113_2_085389B1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853FA5F13_2_0853FA5F
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853FA7013_2_0853FA70
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853F4D813_2_0853F4D8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08537CF813_2_08537CF8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853EC9813_2_0853EC98
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853BE1013_2_0853BE10
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853C72013_2_0853C720
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861F80013_2_0861F800
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08612C0813_2_08612C08
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08611CF013_2_08611CF0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086144A013_2_086144A0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086174B013_2_086174B0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08617CB813_2_08617CB8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861556013_2_08615560
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08610D3013_2_08610D30
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861390013_2_08613900
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861650813_2_08616508
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861311013_2_08613110
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086179E813_2_086179E8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086121F813_2_086121F8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08614DD013_2_08614DD0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086141B813_2_086141B8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08616A4013_2_08616A40
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861361813_2_08613618
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086112E013_2_086112E0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08613ED013_2_08613ED0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08615A9813_2_08615A98
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861E77813_2_0861E778
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08616F7813_2_08616F78
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861270013_2_08612700
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08613BE813_2_08613BE8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086117E813_2_086117E8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08615FD013_2_08615FD0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861478813_2_08614788
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861906813_2_08619068
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861004013_2_08610040
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861905813_2_08619058
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861000613_2_08610006
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08611CE113_2_08611CE1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086138F013_2_086138F0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086164F913_2_086164F9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086174A113_2_086174A1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08617CA813_2_08617CA8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861449113_2_08614491
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861554F13_2_0861554F
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861852813_2_08618528
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861310013_2_08613100
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861851813_2_08618518
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08610D1F13_2_08610D1F
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086121E913_2_086121E9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086179D813_2_086179D8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086141A913_2_086141A9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08614DBF13_2_08614DBF
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08618D8813_2_08618D88
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08618D9813_2_08618D98
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08614A6113_2_08614A61
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08614A7013_2_08614A70
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861824813_2_08618248
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861825813_2_08618258
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08616A3013_2_08616A30
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861360A13_2_0861360A
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861D2E813_2_0861D2E8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086126F113_2_086126F1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08613EC013_2_08613EC0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08618AC813_2_08618AC8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086112D113_2_086112D1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861D2D713_2_0861D2D7
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08618AB813_2_08618AB8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08615A8713_2_08615A87
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08616F6813_2_08616F68
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08617F7913_2_08617F79
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861477813_2_08614778
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086187E913_2_086187E9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08612BF913_2_08612BF9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086187F813_2_086187F8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08615FC013_2_08615FC0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086117D913_2_086117D9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08613BD913_2_08613BD9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08617F8813_2_08617F88
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864392813_2_08643928
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08646E4013_2_08646E40
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086481F013_2_086481F0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864238813_2_08642388
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_086435E813_2_086435E8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864D5F013_2_0864D5F0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864468C13_2_0864468C
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864ECE013_2_0864ECE0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A17CF013_2_08A17CF0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A6987C13_2_08A6987C
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A67D9413_2_08A67D94
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_085389B813_2_085389B8
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0853C72813_2_0853C728
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC58C6614_2_00007FFB4AC58C66
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC59A1214_2_00007FFB4AC59A12
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC456C914_2_00007FFB4AC456C9
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC447F814_2_00007FFB4AC447F8
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC437A814_2_00007FFB4AC437A8
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC5343014_2_00007FFB4AC53430
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 18_2_0260E0AC18_2_0260E0AC
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_00E1C21824_2_00E1C218
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_00E1DC3024_2_00E1DC30
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_0500C61824_2_0500C618
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_05009A3824_2_05009A38
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_085F427824_2_085F4278
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_085F044824_2_085F0448
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_085FF67824_2_085FF678
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_086E4D3624_2_086E4D36
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_086E73A824_2_086E73A8
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_08B0987A24_2_08B0987A
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeCode function: 24_2_08B07D9424_2_08B07D94
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Process Stats: CPU usage > 49%
                    Source: DRMS_Tender_No._P500-2023-102.exe Binary or memory string: OriginalFilenameOGms.exe8 vs DRMS_Tender_No._P500-2023-102.exe
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Section loaded: sfc.dll
                    Source: DRMS_Tender_No._P500-2023-102.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: LUHgPxjH.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: DRMS_Tender_No._P500-2023-102.exe ReversingLabs: Detection: 78%
                    Source: DRMS_Tender_No._P500-2023-102.exe Virustotal: Detection: 71%
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe File read: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown Process created: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Process created: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp5038.tmp
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe Process created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe Process created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe Process created: C:\Users\user\AppData\Local\Temp\Zip.exe "C:\Users\user\AppData\Local\Temp\Zip.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                    Source: unknown Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp866B.tmp
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe C:\Users\user\AppData\Local\Temp\update_232312.exe
                    Source: unknown Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                    Source: unknown Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe "C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp9EC5.tmp
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process created: C:\Users\user\AppData\Local\Temp\update_232312.exe C:\Users\user\AppData\Local\Temp\update_232312.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Users\user\AppData\Local\Temp\Zip.exe "C:\Users\user\AppData\Local\Temp\Zip.exe"
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp5038.tmp
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeProcess created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp866B.tmp
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\AppData\Local\Temp\tmp474F.tmp
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@39/33@1/1
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile read: C:\Users\user\Desktop\desktop.ini
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26110d0.2.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.6860000.10.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26010c4.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002AE6000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F18000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002ACE000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002AF2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, JXobuAJs22XMStQZDa.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, JXobuAJs22XMStQZDa.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, JXobuAJs22XMStQZDa.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, tBZvap49tGIIEVK0dL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: DRMS_Tender_No._P500-2023-102.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeMutant created: \Sessions\1\BaseNamedObjects\uUGslSjqPcvvkAJrzrFwikuROv
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeMutant created: \Sessions\1\BaseNamedObjects\update_windows10
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:964:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5368:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile written: C:\Users\user\AppData\Local\Temp\US_31FBB958C8\Files\desktop.ini
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26010c4.1.raw.unpack, Ft.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26110d0.2.raw.unpack, Ft.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.6860000.10.raw.unpack, Ft.csCryptographic APIs: 'CreateDecryptor'
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeAutomated click: Continue
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeAutomated click: Continue
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: DRMS_Tender_No._P500-2023-102.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: DRMS_Tender_No._P500-2023-102.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: DRMS_Tender_No._P500-2023-102.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: RvC:\Windows\dll\mscorlib.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3982734245.0000000007116000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\wHPoHSZYYg\src\obj\Debug\OGms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, LUHgPxjH.exe.0.dr
                    Source: Binary string: System.Windows.Forms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: mscorlib.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Windows.Forms.pdbt source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\wHPoHSZYYg\src\obj\Debug\OGms.pdbd source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, LUHgPxjH.exe.0.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3888195272.00000000013A6000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \gom_v_4.0\Zip\Zip\obj\Debug\Zip.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003309000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000000.1489950411.0000020AB6308000.00000002.00000001.01000000.00000010.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Zip.exe.7.dr
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdbH; source: update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Windows.Forms.pdb source: LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064EC000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: c:\Temp\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: DRMS_Tender_No._P500-2023-102.exe, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.4000726988.00000000093F2000.00000002.00000001.01000000.0000000F.sdmp, update_232312.exe, 00000018.00000002.1630719452.0000000003D15000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1702876054.0000000004659000.00000004.00000800.00020000.00000000.sdmp, Newtonsoft.Json.dll.7.dr, Newtonsoft.Json.dll0.7.dr
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 00000008.00000002.1491644409.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 0000001D.00000002.1697902719.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: \gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdbX source: DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: DRMS_Tender_No._P500-2023-102.exe, FormGame.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: LUHgPxjH.exe.0.dr, FormGame.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, JXobuAJs22XMStQZDa.cs.Net Code: pSNGrmHtrS System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26010c4.1.raw.unpack, Ft.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26110d0.2.raw.unpack, Ft.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.6860000.10.raw.unpack, Ft.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 0_2_0254D4A8 push eax; iretd 0_2_0254D4A9
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_093F3DC8 push FFFFFF8Ch; retn 0000h7_2_093F3DF2
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_0169E7C3 pushad ; ret 7_2_0169E799
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_0529D1D9 push ebx; iretd 7_2_0529D1DA
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B97B6 pushad ; iretd 7_2_079B9A35
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B97A8 push esp; iretd 7_2_079B97B5
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B575C push B006D87Eh; retf 7_2_079B79C5
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B74F8 pushad ; ret 7_2_079B74FD
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B6DC8 pushad ; ret 7_2_079B6DD1
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_079B6998 pushad ; ret 7_2_079B74FD
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_0920E5D0 push esp; ret 7_2_0920E636
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 8_2_02B3D4A8 push eax; iretd 8_2_02B3D4A9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0715575C push B006627Eh; retf 13_2_071579C5
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_07152778 push es; ret 13_2_07152790
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_071597B8 pushad ; iretd 13_2_07159A35
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_071597A8 push esp; iretd 13_2_071597B5
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_071574F8 pushad ; ret 13_2_071574FD
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0715DEA0 push es; ret 13_2_0715DEB0
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_07156DC8 pushad ; ret 13_2_07156DD1
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_07156998 pushad ; ret 13_2_071574FD
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_071578C0 push B006627Eh; retf 13_2_071579C5
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0861F060 push es; ret 13_2_0861F070
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_0864B54C push ebx; iretd 13_2_0864B592
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A11C70 push esp; retf 13_2_08A11C71
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A11DA8 pushfd ; retf 13_2_08A11DA9
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeCode function: 13_2_08A60412 push es; retn 0004h13_2_08A60420
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AB2D2A5 pushad ; iretd 14_2_00007FFB4AB2D2A6
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC456C9 push esp; retf 14_2_00007FFB4AC459D9
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC4597F push esp; retf 14_2_00007FFB4AC459D9
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC47933 push ebx; retf 14_2_00007FFB4AC4796A
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeCode function: 14_2_00007FFB4AC457D7 push esp; retf 14_2_00007FFB4AC459D9
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.987200098333319
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26010c4.1.raw.unpack, Ft.csHigh entropy of concatenated method names: 'lZA', 'RgtTUJcyZL', 'dZ3', 'MZx', 'NZe', 'EZk', 'XNe8QK', 'mP', 'aY', 'ys'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, w1BCR3KLtE2W5ExMEVR.csHigh entropy of concatenated method names: 'mbqab5lyXa', 'R9yaeIYCE4', 'BdAarIAZ8e', 'bf1a6br5OF', 'e6JaviGUY3', 'ytcaRlbjQ9', 'Qe5aBougYu', 'OIKaSxFsMZ', 'QbuaFnx6Af', 'ppKahaGHKf'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, n33tCw1aVkohJCVDvy.csHigh entropy of concatenated method names: 'oi0mJlQ8WB', 'fcemx4SLMW', 'bXSmZAh2pm', 'eyemQqqLbp', 'fc8mAJgVIS', 'QX8mIeTsRv', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, qd5fL1EP8RPcbbTJYr.csHigh entropy of concatenated method names: 'HlXc6tY02X', 'jBYcRXlZrr', 'sw8cSUa5oc', 'nDlcFIl0Vs', 'xlYc1xKvpE', 'sNXcfWxuDw', 'igScKGdJxm', 'DH2cmgjkci', 'QxFcawaJH6', 'BXvcLU5POW'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, S8EKoW5Oxf8MjB8nmu.csHigh entropy of concatenated method names: 'TOSrwiVyb', 'RbB6QW5Bn', 'TQERaLOIi', 'osVB7m01Z', 'CZTFSU8Ff', 'qIvhV28ow', 'G90dIO8b5WEtlaIeC9', 'Bsav18kyMwUJrP4Adb', 'CKKmxjOTo', 'TiYLS2dtY'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, rBdL4N26scnEJf1r55.csHigh entropy of concatenated method names: 'VOtO8Kr7PC', 'Rv3OcUZHOc', 'bLvO5AVPxs', 'HUl5TdCo59', 'xsC5zhMbPY', 'LllOiXOlH9', 'B6HOdAvfRM', 'FZXOw4eUZE', 'uG9O25qlkW', 'WiWOGbQvux'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, m8fKGpCZwY2uK6WbkG.csHigh entropy of concatenated method names: 'XDEm8NFljm', 'AXtmk10meE', 'De3mcn0gGX', 'DBBmYBkWEy', 'ctHm58AJ9c', 'bSVmOYrfFW', 'P2WmMO9A2j', 'DAGmVW8PiA', 'WPDmCytKsd', 'iTxmqjTPIr'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, eOxw61y62lmSCwKRqK.csHigh entropy of concatenated method names: 'scj5HoSSYd', 'nrw5kpsLZN', 'aOv5YTLcML', 't6j5OCg615', 'cU85MJeMRP', 'c0MYs4N683', 'SB2YUP5PUp', 'WSvYNefN1O', 'CbkYWSsRZE', 'HciY4X8srX'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, CwneDW9F4y0TitYVHs.csHigh entropy of concatenated method names: 'MKbKWjSL0s', 'FeIKT8docL', 'IeSmiFJdOI', 'FEomdl4nQ3', 'ycCKl7slNa', 'cYvKnZ0Ay9', 'MW4KPSOZQG', 'niMKA4aAKM', 'gVNKjuToJ7', 'wlyK7kMm2u'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, pK11FFayZ9VvNTlXnW.csHigh entropy of concatenated method names: 'aPd1DAbSZy', 'kBc1ny9loY', 'mX91AIISe1', 'gvD1jqt3qo', 'jqZ1xnBEtU', 'gkT1ZvRFYf', 'rPl1Qo8xmN', 'QdD1Ih0HWH', 'H0a10drjLY', 'LVC1X6vDaP'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, tBZvap49tGIIEVK0dL.csHigh entropy of concatenated method names: 'deOkAA9mh3', 'ARSkjAnYlI', 'ko9k7gxJMe', 'CHGku1wCnb', 'A0jksLaJ8K', 'Q7ykUaD5Sy', 'BD3kNJoJdI', 'pX4kW8eVgX', 'lYBk4oKUDO', 'GMrkTCUs70'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, ycVWHxKwSuDIdeHRk6Z.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gO6LANpHcN', 'OQsLjuecTD', 'PhAL7rqqkx', 'JOJLuTUAml', 'IxjLsJK06Y', 'eM6LUYNNQg', 'xCsLN6YTyq'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, BZjomSORFkPadjvrRJ.csHigh entropy of concatenated method names: 'Dispose', 'J6sd4kQy62', 'a4Mwx5a7v7', 'z9a991tCxi', 'uKjdTe6rsR', 'xhOdzJSdop', 'ProcessDialogKey', 'nC8wiNPq0p', 'EIHwdaXeZ7', 'riNwwUKopH'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, f0lYnTgCax4nN6x3dN.csHigh entropy of concatenated method names: 'jDv5ygbxl7', 'ALd5bUDQGv', 'z4c5r7K8ao', 'swF56Ma6Sb', 'uNM5RRKyBX', 'WCJ5B7SMNj', 'vyd5FcK9sq', 'Fe65hC2Xq7', 'Pq8rk2dpxMVAYnQFIEL', 'Vr4A09dDTvGfqI2YbBQ'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, BuOC0JkqOYhmw2LyuP.csHigh entropy of concatenated method names: 'kH8gSvlfVJ', 'x5rgF5qvJK', 'vg9gJNY8qE', 'pc1gxMnEs7', 'gXAgQPCER2', 'kEugInYtKT', 's3sgXLqlHo', 'uJmg302CEj', 'YYYgDbT3KA', 'yGuglufb8d'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, tOmT1AIMZ9BIFjF3x6.csHigh entropy of concatenated method names: 'h7vad0y5ji', 'NRfa252fAc', 'RNfaGhIOAj', 'OPYa8RuSc3', 'GQoakmvlf9', 'SfPaYuwN4i', 'Dkaa5gNFwq', 'gZpmN4uF16', 'wp0mWs832m', 'HSrm4x0cN3'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, tq4HWax5feBZfJ0xG9.csHigh entropy of concatenated method names: 'QPQObGpqGR', 'YwcOeF8530', 'q0tOrM0jgc', 'qxnO6m0eLt', 'fAUOv6D0mA', 'KWvORSGO2y', 'qbSOBdRrA8', 'DYjOStnCNU', 'gqUOFdf8Ov', 'Mw4OhfVKhO'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, igFLNrzIkhc8bJIvi0.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hRKaglhkgQ', 'e45a1Kcd0M', 'PLUafdViWQ', 'sgGaKUSxd2', 'tVkamxPBbA', 'XNMaad9CEF', 'QlZaLJxLar'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, HJTJGhBo3ls0DPcCEQ.csHigh entropy of concatenated method names: 'XlPdOqk0j4', 'LgOdMJFEht', 'oqUdC8cYhK', 'l1odqLdJQO', 'QaLd18wNeG', 'iQ4dfxYcnB', 'SAik2L7QewcEqAN2Lo', 'TpdtY4uIXu1cgwGYPd', 'wbt3Up2kUMus2lIUp5', 'Jt8dd7K4v1'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, JXobuAJs22XMStQZDa.csHigh entropy of concatenated method names: 'gQ12HeiyIi', 'sDa28531QF', 'pVp2kvFMC4', 'bst2cNdHMp', 'Kv32YqF9TG', 'a6P25KlPhj', 'qXv2OsOcet', 'IFS2MRuxLZ', 'kx22VahE6B', 'dkQ2CHEYHc'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.7340000.11.raw.unpack, jl2K3MG8a1kIktySXh.csHigh entropy of concatenated method names: 'udGYvYlGap', 'OmVYBKqRXs', 'UIecZZy7c6', 'bpOcQVjdej', 'McIcIywMty', 'jbOc0PyqXF', 'P5qcXxF4cS', 'x47c3lsJy9', 'rE6cEadf2L', 'l3FcDbf8sP'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.26110d0.2.raw.unpack, Ft.csHigh entropy of concatenated method names: 'lZA', 'RgtTUJcyZL', 'dZ3', 'MZx', 'NZe', 'EZk', 'XNe8QK', 'mP', 'aY', 'ys'
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.6860000.10.raw.unpack, Ft.csHigh entropy of concatenated method names: 'lZA', 'RgtTUJcyZL', 'dZ3', 'MZx', 'NZe', 'EZk', 'XNe8QK', 'mP', 'aY', 'ys'
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\AppData\Local\Temp\Zip.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeFile created: C:\Users\user\Desktop\Newtonsoft.Json.dll

                    Boot Survival

                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Defender UpdaterJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Defender UpdaterJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: LUHgPxjH.exe PID: 5680, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: update_232312.exe PID: 7304, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe TID: 1872Thread sleep time: -35529s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe TID: 2160Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2200Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4912Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe TID: 6680Thread sleep time: -25825441703193356s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 5668Thread sleep time: -35529s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 1892Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 6664Thread sleep count: 32 > 30
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 6664Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 5552Thread sleep count: 2759 > 30
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exe TID: 5552Thread sleep count: 6900 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe TID: 2968Thread sleep time: -13835058055282155s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe TID: 4300Thread sleep count: 1173 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe TID: 4300Thread sleep count: 3655 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exe TID: 2160Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7308Thread sleep time: -35529s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7376Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7680Thread sleep time: -2767011611056431s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7620Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7772Thread sleep time: -2767011611056431s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7784Thread sleep count: 752 > 30
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7784Thread sleep count: 296 > 30
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7716Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 7696Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 8024Thread sleep time: -35529s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 8044Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5652Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2328Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 4996Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 2160Thread sleep count: 796 > 30
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 2160Thread sleep count: 361 > 30
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 6108Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exe TID: 1904Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dllJump to dropped file
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeDropped PE file which has not been started: C:\Users\user\Desktop\Newtonsoft.Json.dllJump to dropped file
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5704Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1430Jump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWindow / User API: threadDelayed 5127Jump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWindow / User API: threadDelayed 3951Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWindow / User API: threadDelayed 2759
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWindow / User API: threadDelayed 6900
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeWindow / User API: threadDelayed 1173
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeWindow / User API: threadDelayed 3655
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4601
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2121
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeWindow / User API: threadDelayed 752
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5359
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 916
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeWindow / User API: threadDelayed 796
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeWindow / User API: threadDelayed 361
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_093F61CB sldt word ptr [eax]7_2_093F61CB
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeThread delayed: delay time: 35529Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeThread delayed: delay time: 35529Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeThread delayed: delay time: 35529
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3982734245.00000000070EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}UV{
                    Source: LUHgPxjH.exe, 00000008.00000002.1489997165.0000000000DBF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: LUHgPxjH.exe, 0000000D.00000002.3896257097.0000000000C37000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
                    Source: LUHgPxjH.exe, 00000008.00000002.1489997165.0000000000D13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3888195272.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1530803304.0000020AB65C2000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1622249374.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1685119542.000000000178A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess token adjusted: Debug
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeCode function: 7_2_08F988B8 LdrInitializeThunk,7_2_08F988B8
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, FFDecryptor.csReference to suspicious API methods: LoadLibrary(text + "mozglue.dll")
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, FFDecryptor.csReference to suspicious API methods: GetProcAddress(NSS3, "NSS_Init")
                    Source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, main.csReference to suspicious API methods: GetAsyncKeyState(65)
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmpJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeProcess created: C:\Users\user\AppData\Local\Temp\Zip.exe "C:\Users\user\AppData\Local\Temp\Zip.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp5038.tmpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeProcess created: C:\Users\user\AppData\Roaming\LUHgPxjH.exe C:\Users\user\AppData\Roaming\LUHgPxjH.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp866B.tmp
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess created: C:\Users\user\AppData\Local\Temp\update_232312.exe C:\Users\user\AppData\Local\Temp\update_232312.exe
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp9EC5.tmp
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Users\user\Desktop\Newtonsoft.Json.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Users\user\AppData\Roaming\LUHgPxjH.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Users\user\AppData\Roaming\LUHgPxjH.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Zip.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Zip.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Users\user\AppData\Local\Temp\update_232312.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Users\user\AppData\Local\Temp\update_232312.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\update_232312.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3982734245.00000000070EC000.00000004.00000020.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3951285047.00000000064B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 1824, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 5192, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: LUHgPxjH.exe PID: 6012, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: update_232312.exe PID: 7648, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\LUHgPxjH.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.465ae8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.402203.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6c2b.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.update_232312.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.39f6628.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.43e1170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d88b.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.437d288.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000D.00000002.3901670213.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3902155839.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 1824, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: DRMS_Tender_No._P500-2023-102.exe PID: 5192, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: LUHgPxjH.exe PID: 6012, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: update_232312.exe PID: 7648, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara matchFile source: 0.2.DRMS_Tender_No._P500-2023-102.exe.3a5a510.6.raw.unpack, type: UNPACKEDPE
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Native API | 1 Scheduled Task/Job | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 14 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | Security Account Manager | 131 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 22 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
[Behavior graph: ID 1330490; Sample: DRMS_Tender_No._P500-2023-102.exe; Start date: 23/10/2023; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
DRMS_Tender_No._P500-2023-102.exe | 78% | ReversingLabs | ByteCode-MSIL.Trojan.AveMariaRAT |
DRMS_Tender_No._P500-2023-102.exe | 72% | Virustotal | | Browse
DRMS_Tender_No._P500-2023-102.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\Zip.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\LUHgPxjH.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\Zip.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\Zip.exe | 61% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\LUHgPxjH.exe | 78% | ReversingLabs | ByteCode-MSIL.Trojan.AveMariaRAT |
C:\Users\user\AppData\Roaming\LUHgPxjH.exe | 72% | Virustotal | | Browse
C:\Users\user\Desktop\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\Newtonsoft.Json.dll | 0% | Virustotal | | Browse

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://james.newtonking.com/projects/json | 0% | URL Reputation | safe |
http://purl.oen | 0% | URL Reputation | safe |
http://www.biopharmzpharma.com/Maxwhite/ | 100% | Avira URL Cloud | malware |
https://gomorrah.pw | 0% | Avira URL Cloud | safe |
http://www.biopharmzpharma.com/Maxwhite/ | 16% | Virustotal | | Browse
https://gomorrah.pw | 3% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json/ | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://ac.ecosia.org/autocomplete?q= | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ip-api.com | DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.00000000036A6000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003162000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8302000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8354000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8312000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB831D000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8348000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003411000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.biopharmzpharma.com/Maxwhite/ | update_232312.exe, 0000001D.00000002.1719369686.00000000047E6000.00000004.00000800.00020000.00000000.sdmp | true | 16%, Virustotal, Browse; Avira URL Cloud: malware | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | DRMS_Tender_No._P500-2023-102.exe, 00000000.00000002.1465298214.0000000002631000.00000004.00000800.00020000.00000000.sdmp, DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3902155839.0000000003131000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 00000008.00000002.1491644409.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB8271000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000012.00000002.1630187359.0000000002914000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 0000001D.00000002.1697902719.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003411000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000400E000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.000000000405C000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3937427734.0000000004040000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://gomorrah.pw | LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3901670213.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, Zip.exe, 0000000E.00000002.1531982303.0000020AB837F000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1624744958.0000000002B64000.00000004.00000800.00020000.00000000.sdmp, update_232312.exe, 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, update_232312.exe, 00000022.00000002.1689258165.0000000003445000.00000004.00000800.00020000.00000000.sdmp, info.txt.7.dr | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://james.newtonking.com/projects/json | Newtonsoft.Json.dll0.7.dr | false | URL Reputation: safe | unknown
http://purl.oen | DRMS_Tender_No._P500-2023-102.exe, 00000007.00000002.3989484205.0000000007B4C000.00000004.00000020.00020000.00000000.sdmp, LUHgPxjH.exe, 0000000D.00000002.3959916627.000000000735A000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false

                                              Joe Sandbox Version:38.0.0 Ammolite
                                              Analysis ID:1330490
                                              Start date and time:2023-10-23 12:44:13 +02:00
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 13m 11s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:47
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:1
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample file name:DRMS_Tender_No._P500-2023-102.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@39/33@1/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 99%
                                              • Number of executed functions: 496
                                              • Number of non-executed functions: 28
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, WmiPrvSE.exe, svchost.exe
                                              • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.

Time | Type | Description
12:45:09 | API Interceptor | 8442374x Sleep call for process: DRMS_Tender_No._P500-2023-102.exe modified
12:45:11 | Task Scheduler | Run new task: LUHgPxjH path: C:\Users\user\AppData\Roaming\LUHgPxjH.exe
12:45:11 | API Interceptor | 35x Sleep call for process: powershell.exe modified
12:45:12 | API Interceptor | 7856559x Sleep call for process: LUHgPxjH.exe modified
12:45:15 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Defender Updater C:\Users\user\AppData\Local\Temp\update_232312.exe / start
12:45:16 | API Interceptor | 26x Sleep call for process: Zip.exe modified
12:45:23 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Defender Updater C:\Users\user\AppData\Local\Temp\update_232312.exe / start
12:45:25 | API Interceptor | 19x Sleep call for process: update_232312.exe modified
                                              Gsk-Lux.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 208.95.112.2
                                              RYwCwF604X.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                              • 208.95.112.1
                                              1697173443391df00c7408a96b6f171c3665fb615c66daa3825087c6632b5d286d07b6b591233.dat-decoded.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                              • 208.95.112.1
                                              W7z1Z5tra2.exeGet hashmaliciousRedLine, WSHRATBrowse
                                              • 208.95.112.1
                                              J1LICQ1PqV.exeGet hashmaliciousUnknownBrowse
                                              • 208.95.112.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              TUT-ASUSvZFGXiTg6o.exeGet hashmaliciousAsyncRAT, StormKitty, VenomRATBrowse
                                              • 208.95.112.1
                                              SecuriteInfo.com.BackDoor.Quasar.1.1234.11747.exeGet hashmaliciousBlackshadesBrowse
                                              • 208.95.112.1
                                              pdf-92837.xlsxGet hashmaliciousUnknownBrowse
                                              • 208.95.112.2
                                              pdf-92837.xlsxGet hashmaliciousUnknownBrowse
                                              • 208.95.112.2
                                              xeC7cROikxmJ.exeGet hashmaliciousQuasarBrowse
                                              • 208.95.112.1
                                              Ref-231017AF-Payment-Details.jsGet hashmaliciousAgentTesla, WSHRATBrowse
                                              • 208.95.112.1
                                              https://app.donorview.com/Communication/Click?prm=uEvQjbLyROfQy1XICroxZgnn6zkK-jxszv3c-V7QVTzbyWCRnwEo72rfjdFLOn6LD-AbzGoObSWvJEDMZH3l_sAl_z1NUhFuXl1zt3juOmIcN_J3w3rrSbzKkTErDNu48wmAjuOwMWYFji5HSlNfrNvlQzfcdYndFW3XpMVPR1ahJlmQEYNAysRt4-YWnhMQPXKbA4Diq5MECXxH0hT8_be4LADzMz-s1ZJP8a9qn301&target=https://calm-snowflake-5721.on.fleek.co/#lauren.walsh@ifcfilms.com%20https://app.donorview.com/Communication/Click?prm=uEvQjbLyROfQy1XICroxZgnn6zkK-jxszv3c-V7QVTzbyWCRnwEo72rfjdFLOn6LD-AbzGoObSWvJEDMZH3l_sAl_z1NUhFuXl1zt3juOmIcN_J3w3rrSbzKkTErDNu48wmAjuOwMWYFji5HSlNfrNvlQzfcdYndFW3XpMVPR1ahJlmQEYNAysRt4-YWnhMQPXKbA4Diq5MECXxH0hT8_be4LADzMz-s1ZJP8a9qn301&target=https://calm-snowflake-5721.on.fleek.co/#lauren.walsh@ifcfilms.comGet hashmaliciousHTMLPhisherBrowse
                                              • 208.95.112.2
                                              New_DHL_Shipment_Document_Arrival_Notice_Shipping_Documents_Original_BL,_Invoice_&_Packing_List.jsGet hashmaliciousWSHRat, VjW0rmBrowse
                                              • 208.95.112.1
                                              WXzp6KMJ7i.exeGet hashmaliciousDCRat, Raccoon Stealer v2, RedLineBrowse
                                              • 208.95.112.1
                                              Payment_Copy.docx.vbsGet hashmaliciousAgentTesla, WSHRATBrowse
                                              • 208.95.112.1
                                              message.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 208.95.112.2
                                              Gsk-Lux.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 208.95.112.2
                                              RYwCwF604X.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                              • 208.95.112.1
                                              1697173443391df00c7408a96b6f171c3665fb615c66daa3825087c6632b5d286d07b6b591233.dat-decoded.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                              • 208.95.112.1
                                              W7z1Z5tra2.exeGet hashmaliciousRedLine, WSHRATBrowse
                                              • 208.95.112.1
                                              J1LICQ1PqV.exeGet hashmaliciousUnknownBrowse
                                              • 208.95.112.1
                                              Fekubiv.exeGet hashmaliciousPhemedrone StealerBrowse
                                              • 208.95.112.1
                                              Fekubiv.exeGet hashmaliciousPhemedrone StealerBrowse
                                              • 208.95.112.1
                                              2Elynyru.exeGet hashmaliciousPhemedrone StealerBrowse
                                              • 208.95.112.1
                                              gr.zipGet hashmaliciousUnknownBrowse
                                              • 208.95.112.1
                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dllSecuriteInfo.com.Win32.PWSX-gen.23246.19502.exeGet hashmaliciousPredatorBrowse
                                                FedExInvoice013.exeGet hashmaliciousPredatorBrowse
                                                  https://cdn.discordapp.com/attachments/897446870190800920/1077789889103405057/REVISED_PO.zipGet hashmaliciousPredatorBrowse
                                                    REVISED PURCHASE ORDER.HTMLGet hashmaliciousPredatorBrowse
                                                      DHL #109#.exeGet hashmaliciousPredatorBrowse
                                                        5VXh2VBmA0.exeGet hashmaliciousPredatorBrowse
                                                          nwY3YpWQVx.exeGet hashmaliciousPredatorBrowse
                                                            5SUx8Md4kq.exeGet hashmaliciousPredatorBrowse
                                                              file.exeGet hashmaliciousPredatorBrowse
                                                                file.exeGet hashmaliciousPredatorBrowse
                                                                  file.exeGet hashmaliciousPredatorBrowse
                                                                    NicDx0BvqP.exeGet hashmaliciousPredatorBrowse
                                                                      ngyoL1siem.exeGet hashmaliciousPredatorBrowse
                                                                        SecuriteInfo.com.Exploit.ShellCode.69.5295.22971.rtfGet hashmaliciousPredatorBrowse
                                                                          AvtoKomander_Installer.msiGet hashmaliciousUnknownBrowse
                                                                            VFMPwzPWjM.exeGet hashmaliciousPredatorBrowse
                                                                              CpLGtq4jBl.exeGet hashmaliciousPredatorBrowse
                                                                                CpLGtq4jBl.exeGet hashmaliciousPredatorBrowse
                                                                                  5Qg0FFYoQd.exeGet hashmaliciousPredatorBrowse
                                                                                    IBK_Minervasoft.exeGet hashmaliciousUnknownBrowse
                                                                                      Process:C:\Users\user\AppData\Local\Temp\Zip.exe
                                                                                      File Type:CSV text
                                                                                      Category:dropped
                                                                                      Size (bytes):2343
                                                                                      Entropy (8bit):5.3781939085865575
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:MxHKQwYHKGSI6o6+vxp3/ell1qHGIs0HKCtHTHhAHKKkBAmHKcAPHZHpHNpiHK+v:iqbYqGSI6o9Zp/ellwmj0qCtzHeqKkBT
                                                                                      MD5:5DD076E2F25FFD5822362D6B78DFB678
                                                                                      SHA1:DE1C29081F892E06C7AD99D93173A8EDF60E27B2
                                                                                      SHA-256:BE1B4BDD51820E50F0A7E751846A13C5D9BE7372294C8AAEE5CB4256F7551B2B
                                                                                      SHA-512:C3C5DEF9C48C7A2029F9AABB5F406953816080B7357F1698F89E647A5F17CC53573F76DAFD232207E5A81C698CE8FAA707882FAC5B5CAB90B8E0D264D6F5CE2E
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_6
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.34331486778365
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                      Process:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.34331486778365
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                      Process:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.34331486778365
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):2232
                                                                                      Entropy (8bit):5.379238069165126
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:+WSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeoPUyus:+LHxvIIwLgZ2KRHWLOugYs
                                                                                      MD5:01217FC88E532E4576F9005CDDFD488F
                                                                                      SHA1:405D083AAEA73E79947C69661861928BAF9BBA43
                                                                                      SHA-256:9727D1C06F663BC20BD5AFD7DE4CC9DB9B2F7345076426872958F8801F353566
                                                                                      SHA-512:A9FECFC13B8F61D8D3B3E4FC371DA80C3EAA1EE8FF3DF5086EDB2C247FFDDF272163596816F1BA49009FBB24F0DE83F7972479698FD77450F81AF38DDCD814BE
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):407776
                                                                                      Entropy (8bit):6.080910017085125
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:/+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWk:WPw2PjCLe3a6Q70zbR
                                                                                      MD5:F75FE8D06448D07720D5456F2A327F08
                                                                                      SHA1:DBA5D60848A7C24CE837225709D9E23690BB5CB3
                                                                                      SHA-256:977998AEC486395EABA6CE5661648425A1A181CE18C2C87C6288AF62B87D5ECA
                                                                                      SHA-512:EB05696F92881A698B7DEF0F8852286212A5EB235A2FF8A41460DEDBC6AE1964BFBEF613D3BEC736DF66525BF6E5A6C95FF5E0A71C904FA70B5C6675E2275A34
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                      Joe Sandbox View:
                                                                                      • Filename: SecuriteInfo.com.Win32.PWSX-gen.23246.19502.exe, Detection: malicious, Browse
                                                                                      • Filename: FedExInvoice013.exe, Detection: malicious, Browse
                                                                                      • Filename: , Detection: malicious, Browse
                                                                                      • Filename: REVISED PURCHASE ORDER.HTML, Detection: malicious, Browse
                                                                                      • Filename: DHL #109#.exe, Detection: malicious, Browse
                                                                                      • Filename: 5VXh2VBmA0.exe, Detection: malicious, Browse
                                                                                      • Filename: nwY3YpWQVx.exe, Detection: malicious, Browse
                                                                                      • Filename: 5SUx8Md4kq.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: NicDx0BvqP.exe, Detection: malicious, Browse
                                                                                      • Filename: ngyoL1siem.exe, Detection: malicious, Browse
                                                                                      • Filename: SecuriteInfo.com.Exploit.ShellCode.69.5295.22971.rtf, Detection: malicious, Browse
                                                                                      • Filename: AvtoKomander_Installer.msi, Detection: malicious, Browse
                                                                                      • Filename: VFMPwzPWjM.exe, Detection: malicious, Browse
                                                                                      • Filename: CpLGtq4jBl.exe, Detection: malicious, Browse
                                                                                      • Filename: CpLGtq4jBl.exe, Detection: malicious, Browse
                                                                                      • Filename: 5Qg0FFYoQd.exe, Detection: malicious, Browse
                                                                                      • Filename: IBK_Minervasoft.exe, Detection: malicious, Browse
                                                                                      Process:C:\Users\user\AppData\Local\Temp\Zip.exe
                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                      Category:dropped
                                                                                      Size (bytes):685086
                                                                                      Entropy (8bit):7.997687276660214
                                                                                      Encrypted:true
                                                                                      SSDEEP:12288:UtZrs7bAeuN9VBg2OuPNOQaHZWqgAk4NhMV2GG+GSBl5AJIWJMS9w6:UtZrs7kV+GXaHm0MVRpGSBlWJIWBR
                                                                                      MD5:8F9906CF75DF34C9610FFF0B41BF4ABC
                                                                                      SHA1:8E0A09DECE6487A052F33014390590016FD17FC2
                                                                                      SHA-256:3468B74BE5EF8ED24F8C34F541CB7127AFF6C784A8DC2A469D111BD1E48C5631
                                                                                      SHA-512:D320ADC1684956C732DA8F27EE3F1C0C02025D1B3CD45236C941097AA57333233A2D2EC0C34650AC75BA3CCA8EFD7FCF8D50DF77B04B28B90E1F6623A0B832F2
                                                                                      Malicious:false
Preview: PK archive entries: Cards.txt, info.txt, Passwords.txt, ProgramList.txt, ProsessList.txt
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):289
                                                                                      Entropy (8bit):5.809941724775416
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:Pk3rVc9xbiEv3rXmIrBNuYraqWTfqgqlB1Hwsv7OjPy:c7O9kEv7/BNuMWfqnym7O7y
                                                                                      MD5:79E06BF751CFD60DEAB80A00C0CB4213
                                                                                      SHA1:91B20D58AE126E274F19A2D7042F809897D27E03
                                                                                      SHA-256:FDB42A9E1190DFFD8538C493B78A1CB0A6B6153FEA0FB6C1E9FC07B45B125537
                                                                                      SHA-512:CC1C7711B8C41DDDAE23A73C03407BF3832F6941D3C0DC24A0BC4AA6B642BE4D8B05039D4526DF861D040833559326FD0943F5A006D73481081135973D645E2C
                                                                                      Malicious:false
                                                                                      Preview:.google.com.TRUE./.FALSE.13340967537946598.1P_JAR.2023-10-05-08...google.com.TRUE./.FALSE.13340967538131921.NID.511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE..
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:modified
                                                                                      Size (bytes):282
                                                                                      Entropy (8bit):3.514693737970008
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlWygDAlLwkAl2FlRaQmZWGokJISlfY:QZsiL5wmHOlDmo0qmWvclLwr2FlDmo0I
                                                                                      MD5:9E36CC3537EE9EE1E3B10FA4E761045B
                                                                                      SHA1:7726F55012E1E26CC762C9982E7C6C54CA7BB303
                                                                                      SHA-256:4B9D687AC625690FD026ED4B236DAD1CAC90EF69E7AD256CC42766A065B50026
                                                                                      SHA-512:5F92493C533D3ADD10B4CE2A364624817EBD10E32DAA45EE16593E913073602DB5E339430A3F7D2C44ABF250E96CA4E679F1F09F8CA807D58A47CF3D5C9C3790
                                                                                      Malicious:false
                                                                                      Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.8.3.....
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):752
                                                                                      Entropy (8bit):5.1306945589535875
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:c4cncPxaicxOKaioz+KcxLKaiccJ7GoG8aiccdBf8aiozPUycUZcKs/:c4cihcxOqI+KcxLqcWGoxczIPUNUZcKe
                                                                                      MD5:338F7B3CAFC87BB8F4BFD4224FEAA188
                                                                                      SHA1:6B12527597F02AA16C2BA7363A7D04E9E18E5D86
                                                                                      SHA-256:16158161682314569773E2EF9DD99EF2C6310378A887F99975087B1B18616878
                                                                                      SHA-512:1C9FDAF7DBE00428A0249F11903573E88B2FA41436B8E45BCE29B4F87CE0A5FC14CEBFB88EE3EDEDE76252F63E80E6B1C868AFA1D43FD7832BFA9BA7E082D3E9
                                                                                      Malicious:false
                                                                                      Preview:Application Name : Google Chrome....Version : 117.0.5938.132....Installed Date . 20231003....Application Name : Microsoft Edge....Version : 117.0.2045.47....Installed Date . 20231003....Application Name: Microsoft Edge Update....Application Name : Microsoft Edge WebView2 Runtime....Version : 117.0.2045.47....Installed Date . 20231003....Application Name : Java Auto Updater....Version : 2.8.381.9....Installed Date . 20231003....Application Name : Java 8 Update 381....Version : 8.0.3810.9....Installed Date . 20231003....Application Name: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532....Application Name : Office 16 Click-to-Run Extensibility Component....Version : 16.0.16827.20130....Installed Date . 20231005....
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):4544
                                                                                      Entropy (8bit):4.51754485816441
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:yiiHeZiGeisiSHp9iudi/9i11iiiuiuuiZ9/LiG7i9ii+qiiMJS7micb6iiiiiSN:0eodVcKpn0B
                                                                                      MD5:0321E55889478F0C45EFD69635BB9D88
                                                                                      SHA1:A608DAAC4FC7B49C291FF897FCF6B5C20EEEE357
                                                                                      SHA-256:D10B53B42C61AE542567CFE18D0B1C570AA83868F7BF3D971944585C706F8588
                                                                                      SHA-512:D43EB191A0FC9393D436CA89C239A22D61A6367109C133199FFEA57D794D15F30FDF49D294986A3FC4F883963DC16B6C3E7A52C009CC9A57E88C7FDEC80921BD
                                                                                      Malicious:false
                                                                                      Preview:Name : WmiPrvSE....Name : svchost....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : svchost....Name : RuntimeBroker....Name : OfficeClickToRun....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : StartMenuExperienceHost....Name : DlFoDssgvLDUcSE....Name : svchost....Name : svchost....Name : LUHgPxjH....Name : csrss....Name : ctfmon....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : svchost....Name : dllhost....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : WmiPrvSE....Name : svchost....Name : svchost....Name : svchost....Name : svchost....Name : svchost....Name : sihost....Name : svchost....Name : svchost....Name : DlFoDssgvLDUcSE....Name : svchost....Name : RuntimeBroker....Name : DlFoDssgvLDUcSE....Name : svchost....Name : DlFoDssgvLDUcSE....Name : fontdrvhost....Name : DlFoDssgvLDUcSE....Name : smartscreen....Name : DlFoDssgvLDUcSE....Name : DlFoDssgvLDUcSE....Name : TextInputHost....Name : fontdrvhost....Name : s
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):698964
                                                                                      Entropy (8bit):7.926431659219831
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:VgXtZnFsKWTx47RdRF1L3eOQ/YCGC3ztuK67+3jyEsnUW0A:4td+JIRdteZ/oKv3IV
                                                                                      MD5:157D19CB4C303D42F1BCBEE76DD3A0C9
                                                                                      SHA1:1A79D535A1A5128B7291DB4D2057CB86F657D7D2
                                                                                      SHA-256:939C395C3EA99E44285F8C30339DDAB5CE6AD694DBE64993B554D6550BFA1E04
                                                                                      SHA-512:D8F96F4056AB1067C2FB0B2AD8094930F01B133D39C4E8ECD492122989369E89D5C01502F5095A1A561070A0F4CCF8CB1AA58F68953492EBB15CAC05210607E0
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):370
                                                                                      Entropy (8bit):4.708715853899114
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:9lHUXNqGCF2Rpj1hx0+A7JRXWQuZ3uGsLf15Ro1WcEuo8T:fbIpxXKRXWQOzsLN5RJcfV
                                                                                      MD5:71E79AAFCA678F7A190B5C0BA0A1188F
                                                                                      SHA1:412FEB36AFAE94054C49C23BDF332184E5821F10
                                                                                      SHA-256:FBB86B0E16B855CC6E1488DDB6E885CCD90B41A682AE8ED9B0793EFB1029363B
                                                                                      SHA-512:CA6C07CDC8526F52520E51E65C51C223A29998578484CFA5DC3D564633755C4FC002D97DA13AF00743494486F63A574F831BB2A50211FC11847E44D5029064B9
                                                                                      Malicious:false
                                                                                      Preview:PC Name : 468325..Operating System : Microsoft Windows 10 Pro..Anti virus : Windows Defender..Firewall : None..Processor : Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..Memory (RAM) : 8.00 GB..-----------------------------------------------------------------------..-------------Developed By th3darkly [ https://gomorrah.pw ]-------------
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:modified
                                                                                      Size (bytes):32256
                                                                                      Entropy (8bit):5.043221621336474
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:efG95w+2ykc8OAJ60Lk24jXPlfa3XEV/5bIFfYpB3:RY+6c8Oc642XPr3
                                                                                      MD5:3AFD64484A2A34FC34D1155747DD3847
                                                                                      SHA1:451E1D878179F6FCFBAF9FA79D9EE8207489748F
                                                                                      SHA-256:BF78263914C6D3F84F825504536338FADD15868D788BF30D30613CA27ABEB7A9
                                                                                      SHA-512:D21A519C8867D569E56AC5C93CE861A72F6853E3A959467BF8E8779664F99B5E8BE76AD27E078935191C798AEA05891960E01D9A0D52E2A33D34EC5A58C00448
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 42%
                                                                                      • Antivirus: Virustotal, Detection: 61%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....eb.................D...6.......c... ........@.. ....................................`..................................b..W........1........................................................................... ............... ..H............text...$C... ...D.................. ..`.sdata..8............H..............@....rsrc....1.......2...J..............@..@.reloc...............|..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):1581
                                                                                      Entropy (8bit):5.111520456527405
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNteDC0+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTsByv
                                                                                      MD5:FB51755C05957D71889EDAF1446AE286
                                                                                      SHA1:97C48B620D300ABD704EC5D4B4FA87D0C48F7A10
                                                                                      SHA-256:6A4DB9DE07FEA4FC0553738FB2EDD4047BFDDC379F5348C3FCD24489ABC55A02
                                                                                      SHA-512:13DD3807A2A74FA9DAF6E480ABE23A36205E98C22919C21531F990EF29732D80C996C0A639E3F127DFE1A6088F4D38A6340C4BBCE3E0DD2D4FF9531ACAB44004
                                                                                      Malicious:true
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                                      Process:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):1581
                                                                                      Entropy (8bit):5.111520456527405
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNteDC0+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTsByv
                                                                                      MD5:FB51755C05957D71889EDAF1446AE286
                                                                                      SHA1:97C48B620D300ABD704EC5D4B4FA87D0C48F7A10
                                                                                      SHA-256:6A4DB9DE07FEA4FC0553738FB2EDD4047BFDDC379F5348C3FCD24489ABC55A02
                                                                                      SHA-512:13DD3807A2A74FA9DAF6E480ABE23A36205E98C22919C21531F990EF29732D80C996C0A639E3F127DFE1A6088F4D38A6340C4BBCE3E0DD2D4FF9531ACAB44004
                                                                                      Malicious:false
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                                      Process:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):1581
                                                                                      Entropy (8bit):5.111520456527405
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNteDC0+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTsByv
                                                                                      MD5:FB51755C05957D71889EDAF1446AE286
                                                                                      SHA1:97C48B620D300ABD704EC5D4B4FA87D0C48F7A10
                                                                                      SHA-256:6A4DB9DE07FEA4FC0553738FB2EDD4047BFDDC379F5348C3FCD24489ABC55A02
                                                                                      SHA-512:13DD3807A2A74FA9DAF6E480ABE23A36205E98C22919C21531F990EF29732D80C996C0A639E3F127DFE1A6088F4D38A6340C4BBCE3E0DD2D4FF9531ACAB44004
                                                                                      Malicious:false
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):957440
                                                                                      Entropy (8bit):7.983133177885842
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:UpCvo/Sfhf/+5SxYn89JnMKFpn/9IUI7ighRKA2E4jKk:iX2f/LxYnonMKHn/9K71hRjrq
                                                                                      MD5:2E450823DB1430464EFB84F8074CC84F
                                                                                      SHA1:88C86734E5DE9F22154CA8C55CD141B2068E922F
                                                                                      SHA-256:50E8E741266264CB161B567F8DBCD65BF8CDCFEA296C9807DC00A9CAE853B8FE
                                                                                      SHA-512:20C2EEDBA61F776D90636AD6DAE668AD9222C5ECA9A69437587317321E3116591250B8327FD41079F892EF021FC7D37035DD1FB20617D2C8331FDAB376973C2B
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 78%
                                                                                      • Antivirus: Virustotal, Detection: 72%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'e..............0..x..."........... ........@.. ....................................@.................................<...O.......D............................................................................ ............... ..H............text....w... ...x.................. ..`.rsrc...D........ ...z..............@..@.reloc..............................@..B................p.......H........I..(8......c...4.................................................(....*.0..-.......~....- r...p.....(....o....s...........~....*.~....*.......*.0..........(....rG..p~....o......t....*.~....*..(....*Vs....( ...t.........*....0..)........{.........(!...t......|......(...+...3.*....0..)........{.........(#...t......|......(...+...3.*"..(T...*...0..=........{B...o$....+...(%......o&.....(&...-...........o'.....(....*............(......N.{B....o(....(....*.0..i...........
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):26
                                                                                      Entropy (8bit):3.95006375643621
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                      Malicious:false
                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                      Process:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):407776
                                                                                      Entropy (8bit):6.080910017085125
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:/+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWk:WPw2PjCLe3a6Q70zbR
                                                                                      MD5:F75FE8D06448D07720D5456F2A327F08
                                                                                      SHA1:DBA5D60848A7C24CE837225709D9E23690BB5CB3
                                                                                      SHA-256:977998AEC486395EABA6CE5661648425A1A181CE18C2C87C6288AF62B87D5ECA
                                                                                      SHA-512:EB05696F92881A698B7DEF0F8852286212A5EB235A2FF8A41460DEDBC6AE1964BFBEF613D3BEC736DF66525BF6E5A6C95FF5E0A71C904FA70B5C6675E2275A34
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:Q.P...........!..................... ... ....... .......................`............@.................................\...O.... ..0................>...@......$................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H.......`e..............c..X...P .......................................R..p..4j../ux..;....B.6z.R...K.KT....i.r.p>.m~.p.?YQ.~16~v....J.h.}..k.......&...E....p..Ix..t;.uT7Ph..(.Rv:...y..qp...dX3...bu..{....*"..}....*V.(i.....(......}....*2.{....oj...*2.{....ok...*B..(....&..(....*...0...........oj........YE....{...............{...f...............f.......A...A...A...A...1...A...V...8<....t......{.....om...ol....or.....+U..om.....{.....o....oj...on.....o....o{...t.....o....o}.
                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.983133177885842
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:DRMS_Tender_No._P500-2023-102.exe
                                                                                      File size:957'440 bytes
                                                                                      MD5:2e450823db1430464efb84f8074cc84f
                                                                                      SHA1:88c86734e5de9f22154ca8c55cd141b2068e922f
                                                                                      SHA256:50e8e741266264cb161b567f8dbcd65bf8cdcfea296c9807dc00a9cae853b8fe
                                                                                      SHA512:20c2eedba61f776d90636ad6dae668ad9222c5eca9a69437587317321e3116591250b8327fd41079f892ef021fc7d37035dd1fb20617d2c8331fdab376973c2b
                                                                                      SSDEEP:24576:UpCvo/Sfhf/+5SxYn89JnMKFpn/9IUI7ighRKA2E4jKk:iX2f/LxYnonMKHn/9K71hRjrq
                                                                                      TLSH:DB152302B76D83B7C53709F95A1960A70BF01741381DEEEACCA660F93E83B62C5C6957
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'e..............0..x..."........... ........@.. ....................................@................................
                                                                                      Icon Hash:7c67ec8cef774b79
                                                                                      Entrypoint:0x4e978e
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x652792C8 [Thu Oct 12 06:31:36 2023 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe973c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xea000 | 0x1e44 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xec000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe9604 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe7794 | 0xe7800 | False | 0.9780969475566955 | data | 7.987200098333319 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xea000 | 0x1e44 | 0x2000 | False | 0.84912109375 | data | 7.209028069497585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xec000 | 0xc | 0x200 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xea0c8 | 0x19e4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.971937235968618
RT_GROUP_ICON | 0xebabc | 0x14 | data | | | 1.05
RT_VERSION | 0xebae0 | 0x360 | data | | | 0.4201388888888889
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 23, 2023 12:45:12.658329964 CEST | 60776 | 53 | 192.168.2.8 | 1.1.1.1
Oct 23, 2023 12:45:12.752818108 CEST | 53 | 60776 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2023 12:45:12.658329964 CEST | 192.168.2.8 | 1.1.1.1 | 0x1fb6 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2023 12:45:12.752818108 CEST | 1.1.1.1 | 192.168.2.8 | 0x1fb6 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                                      • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.8 | 49708 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe

Timestamp | kBytes transferred | Direction | Data
Oct 23, 2023 12:45:12.854928017 CEST | 0 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
Oct 23, 2023 12:45:12.956814051 CEST | 1 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:12 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 60
                                                                                      X-Rl: 44
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
Oct 23, 2023 12:45:13.439694881 CEST | 1 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
Oct 23, 2023 12:45:13.535259962 CEST | 1 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:12 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 59
                                                                                      X-Rl: 43
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.8 | 49710 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe

Timestamp | kBytes transferred | Direction | Data
Oct 23, 2023 12:45:15.251540899 CEST | 2 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
Oct 23, 2023 12:45:15.347039938 CEST | 4 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:14 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 57
                                                                                      X-Rl: 42
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.8 | 49711 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe

Timestamp | kBytes transferred | Direction | Data
Oct 23, 2023 12:45:15.345238924 CEST | 3 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Oct 23, 2023 12:45:15.440942049 CEST | 4 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:14 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 57
                                                                                      X-Rl: 41
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
                                                                                      Oct 23, 2023 12:45:16.390969992 CEST | 15 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Oct 23, 2023 12:45:16.486640930 CEST | 16 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:15 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 56
                                                                                      X-Rl: 40
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                      3 | 192.168.2.8 | 49714 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                      Oct 23, 2023 12:45:17.774266005 CEST | 16 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Oct 23, 2023 12:45:17.869446993 CEST | 17 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:17 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 55
                                                                                      X-Rl: 39
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
                                                                                      Oct 23, 2023 12:45:18.321120977 CEST | 17 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Oct 23, 2023 12:45:18.416269064 CEST | 17 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:17 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 54
                                                                                      X-Rl: 38
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
                                                                                      Oct 23, 2023 12:45:18.533293009 CEST | 18 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Oct 23, 2023 12:45:18.628751040 CEST | 18 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:17 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 54
                                                                                      X-Rl: 37
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                      4 | 192.168.2.8 | 49718 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                      Oct 23, 2023 12:45:29.000602961 CEST | 31 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Oct 23, 2023 12:45:29.096105099 CEST | 62 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:28 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 43
                                                                                      X-Rl: 36
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
                                                                                      Oct 23, 2023 12:45:29.504012108 CEST | 63 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Oct 23, 2023 12:45:29.599409103 CEST | 64 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:28 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 43
                                                                                      X-Rl: 35
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                      5 | 192.168.2.8 | 49722 | 208.95.112.1 | 80 | C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                      Oct 23, 2023 12:45:35.246408939 CEST | 71 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Oct 23, 2023 12:45:35.341909885 CEST | 72 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:34 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 37
                                                                                      X-Rl: 34
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}
                                                                                      Oct 23, 2023 12:45:35.841605902 CEST | 72 | OUT | GET /json/ HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Oct 23, 2023 12:45:35.947988033 CEST | 72 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Oct 2023 10:45:35 GMT
                                                                                      Content-Type: application/json; charset=utf-8
                                                                                      Content-Length: 288
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 37
                                                                                      X-Rl: 33
                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"DC","regionName":"District of Columbia","city":"Washington","zip":"56972","lat":38.894,"lon":-77.0365,"timezone":"America/New_York","isp":"AS174","org":"","as":"AS174 Cogent Communications","query":"154.16.49.82"}


                                                                                      Target ID:0
                                                                                      Start time:12:45:08
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Imagebase:0x140000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Predator, Description: Yara detected Predator, Source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1466076060.00000000038CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Predator, Description: Yara detected Predator, Source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1466076060.000000000437D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:12:45:10
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Imagebase:0xa40000
                                                                                      File size:433'152 bytes
                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:4
                                                                                      Start time:12:45:10
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:12:45:10
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp474F.tmp
                                                                                      Imagebase:0xb10000
                                                                                      File size:187'904 bytes
                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:6
                                                                                      Start time:12:45:10
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:7
                                                                                      Start time:12:45:10
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\DRMS_Tender_No._P500-2023-102.exe
                                                                                      Imagebase:0xe50000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3902155839.0000000003180000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                      Target ID:8
                                                                                      Start time:12:45:11
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Imagebase:0x710000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 78%, ReversingLabs
                                                                                      • Detection: 72%, Virustotal, Browse
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:10
                                                                                      Start time:12:45:12
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp5038.tmp
                                                                                      Imagebase:0xb10000
                                                                                      File size:187'904 bytes
                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:11
                                                                                      Start time:12:45:13
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:12
                                                                                      Start time:12:45:13
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Imagebase:0x340000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:13
                                                                                      Start time:12:45:13
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Roaming\LUHgPxjH.exe
                                                                                      Imagebase:0x5f0000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.3901670213.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                      Target ID:14
                                                                                      Start time:12:45:15
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\Zip.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\Zip.exe"
                                                                                      Imagebase:0x20ab6300000
                                                                                      File size:32'256 bytes
                                                                                      MD5 hash:3AFD64484A2A34FC34D1155747DD3847
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 42%, ReversingLabs
                                                                                      • Detection: 61%, Virustotal, Browse
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:15
                                                                                      Start time:12:45:23
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                                                                                      Imagebase:0x8d0000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:18
                                                                                      Start time:12:45:23
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                                                                                      Imagebase:0x410000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:20
                                                                                      Start time:12:45:26
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe"
                                                                                      Imagebase:0xa40000
                                                                                      File size:433'152 bytes
                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:21
                                                                                      Start time:12:45:26
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:22
                                                                                      Start time:12:45:26
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp866B.tmp
                                                                                      Imagebase:0xb10000
                                                                                      File size:187'904 bytes
                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:23
                                                                                      Start time:12:45:26
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:24
                                                                                      Start time:12:45:27
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Imagebase:0x680000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Predator, Description: Yara detected Predator, Source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.1620228473.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Has exited:true

                                                                                      Target ID:27
                                                                                      Start time:12:45:31
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                                                                                      Imagebase:0x5e0000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:29
                                                                                      Start time:12:45:31
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\update_232312.exe" / start
                                                                                      Imagebase:0x330000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Has exited:true

                                                                                      Target ID:30
                                                                                      Start time:12:45:32
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LUHgPxjH.exe"
                                                                                      Imagebase:0xa40000
                                                                                      File size:433'152 bytes
                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Has exited:true

                                                                                      Target ID:31
                                                                                      Start time:12:45:32
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:32
                                                                                      Start time:12:45:32
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LUHgPxjH" /XML "C:\Users\user\AppData\Local\Temp\tmp9EC5.tmp
                                                                                      Imagebase:0xb10000
                                                                                      File size:187'904 bytes
                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:33
                                                                                      Start time:12:45:32
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6ee680000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:34
                                                                                      Start time:12:45:33
                                                                                      Start date:23/10/2023
                                                                                      Path:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\update_232312.exe
                                                                                      Imagebase:0xee0000
                                                                                      File size:957'440 bytes
                                                                                      MD5 hash:2E450823DB1430464EFB84F8074CC84F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Has exited:true


                                                                                        Execution Graph

                                                                                        Execution Coverage:7.6%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:44
                                                                                        Total number of Limit Nodes:4

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0254D59E
                                                                                        • GetCurrentThread.KERNEL32 ref: 0254D5DB
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0254D618
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0254D671
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        • Opcode ID: a09f6cffd8c1fb1dcd0cd0022a0a871233bbe879479ec0f23467eb8bc8f8d8a2
                                                                                        • Instruction ID: fff8114ef811eb161d32266c9f851f8b84edbc8dbb4f6549f2cc605931ba1742
                                                                                        • Opcode Fuzzy Hash: a09f6cffd8c1fb1dcd0cd0022a0a871233bbe879479ec0f23467eb8bc8f8d8a2
                                                                                        • Instruction Fuzzy Hash: B25168B0901749CFDB14DFA9D548BDEBBF1BF88308F248499E009A7361DB349944CB6A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0254D59E
                                                                                        • GetCurrentThread.KERNEL32 ref: 0254D5DB
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0254D618
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0254D671
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        • Opcode ID: d880b79c4b39aa3b86c0c89d457c5e6a54e10da250fbf268c25b37bada9c501d
                                                                                        • Instruction ID: 9648325db32e80622a8dc783cfa8a923c82c827c7e4c88c18342b6298c59cee4
                                                                                        • Opcode Fuzzy Hash: d880b79c4b39aa3b86c0c89d457c5e6a54e10da250fbf268c25b37bada9c501d
                                                                                        • Instruction Fuzzy Hash: C65137B0901649CFDB14DFA9D548BDEFBF1BF88308F248459E419A7360DB349944CB6A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0254B4DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        • Opcode ID: 4fd84270e646cb2c0e1daadbe4d90b1cddb743b3f982d8336df25bdeb2d4978c
                                                                                        • Instruction ID: 916d806d758d0c59dbad2b1634f2c79fdada258f914aa3c6bf3aec9285b494c9
                                                                                        • Opcode Fuzzy Hash: 4fd84270e646cb2c0e1daadbe4d90b1cddb743b3f982d8336df25bdeb2d4978c
                                                                                        • Instruction Fuzzy Hash: 20816870A00B058FD764DF6AD04479ABBF2FF88308F008A2DD45ADBA50DB74E949CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 025459A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        • Opcode ID: 1fa81c8ab7f4dd1a5758dbc94d745b8ebf9fa61094e617f3c14e0f57ae7f177b
                                                                                        • Instruction ID: cdf95137130a3953afad7bc5cacd67ea0c1217f1062d510ffdcbd86188c15285
                                                                                        • Opcode Fuzzy Hash: 1fa81c8ab7f4dd1a5758dbc94d745b8ebf9fa61094e617f3c14e0f57ae7f177b
                                                                                        • Instruction Fuzzy Hash: B641CE70C00619CBEB24CFAAC884BDEFBB6BF49314F20816AD448AB251DB75594ACF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 025459A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        • Opcode ID: 2d9b18a697c8fc2e38df302a5a409cab7af72b2e5f9b3d8a6b7f849ea3c4f69a
                                                                                        • Instruction ID: f423e9d686d25d1fa02c09fada9909e58f04811fc9b760bec2537d5c870e2300
                                                                                        • Opcode Fuzzy Hash: 2d9b18a697c8fc2e38df302a5a409cab7af72b2e5f9b3d8a6b7f849ea3c4f69a
                                                                                        • Instruction Fuzzy Hash: 5041D070C00719CBEB24DFAAC844B8EFBF5BF49304F60806AD409AB251DB756949CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0254D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: 9abaac3a3f0d0bc364b3da7ca4620ae44bdcb6a8bd25e1478d5bfa242c030f9c
                                                                                        • Instruction ID: cd02581a2d0fc681f6d4e2f3bce2a38a17065877a7667692a6ffce4a7f41767e
                                                                                        • Opcode Fuzzy Hash: 9abaac3a3f0d0bc364b3da7ca4620ae44bdcb6a8bd25e1478d5bfa242c030f9c
                                                                                        • Instruction Fuzzy Hash: 7A21F4B5900248EFDB10CFAAD884ADEFBF9EB48320F14805AE914A7310D379A940CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0254D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: 03673a324e241fc50c682bf287da5d85467d51fa1fc484a9937f32414485aa8c
                                                                                        • Instruction ID: 2dcacf6908f2e5f530d945e4b494a31af30ba3c8a87502091e54da8349d8c3cc
                                                                                        • Opcode Fuzzy Hash: 03673a324e241fc50c682bf287da5d85467d51fa1fc484a9937f32414485aa8c
                                                                                        • Instruction Fuzzy Hash: D821F5B5900248DFDB10CFAAD984ADEFBF9FB48320F14801AE918A7350D378A940CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0254B559,00000800,00000000,00000000), ref: 0254B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 36209ec385e0d3f46b2fa3f808cd6c7b8942871e1c3e3358aeb88b0ababf9740
                                                                                        • Instruction ID: b5e05d2e4ca69bd534206ffc2abbc81215396e0454eae9d8a4fd3e517c62a8e0
                                                                                        • Opcode Fuzzy Hash: 36209ec385e0d3f46b2fa3f808cd6c7b8942871e1c3e3358aeb88b0ababf9740
                                                                                        • Instruction Fuzzy Hash: 281103B6D003089FDB10CFAAD444BDEFBF9BB48228F10842AD419A7200C779A545CFA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0254B559,00000800,00000000,00000000), ref: 0254B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 182 254b478-254b4b8 183 254b4c0-254b4eb GetModuleHandleW 182->183 184 254b4ba-254b4bd 182->184 185 254b4f4-254b508 183->185 186 254b4ed-254b4f3 183->186 184->183 186->185
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0254B4DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1465059013.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2540000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1469974112.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_6c80000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: >:
                                                                                        • API String ID: 0-41300316
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:16%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:1%
                                                                                        Total number of Nodes:1008
                                                                                        Total number of Limit Nodes:67
94413 5292982 94411->94413 94412->94402 94413->94412 94414 8e99a79 SetTimer 94413->94414 94415 8e99a51 SetTimer 94413->94415 94416 8e99a80 SetTimer 94413->94416 94417 8e99a30 SetTimer 94413->94417 94414->94412 94415->94412 94416->94412 94417->94412 94420 5292970 94418->94420 94419 52929c8 94419->94402 94420->94419 94421 8e99a79 SetTimer 94420->94421 94422 8e99a51 SetTimer 94420->94422 94423 8e99a80 SetTimer 94420->94423 94424 8e99a30 SetTimer 94420->94424 94421->94419 94422->94419 94423->94419 94424->94419 94336 8db2350 94337 8db2355 94336->94337 94338 8db234b 94337->94338 94340 8db24f8 2 API calls 94337->94340 94339 8db23d4 94340->94339 94341 79b1910 94342 79b1932 94341->94342 94343 169726c LoadLibraryExW 94341->94343 94344 1698cd1 LoadLibraryExW 94341->94344 94343->94342 94344->94342 94425 8db4410 94426 8db445b GetTextExtentPoint32W 94425->94426 94428 8db44a5 94426->94428 93398 5296d38 93400 5296d4b 93398->93400 93399 5296d4f 93400->93399 93401 5296da2 KiUserCallbackDispatcher 93400->93401 93401->93399 93402 169fd78 SetWindowLongW 93403 169fde4 93402->93403 94429 8dbbc08 94430 8dbbc2f 94429->94430 94431 8dbbc90 94430->94431 94432 169729c 28 API calls 94430->94432 94434 169cf77 94430->94434 94432->94431 94435 169cf88 94434->94435 94436 169c2fc 28 API calls 94435->94436 94437 169cfaf 94436->94437 94437->94431 94345 52942b1 94346 52942b6 94345->94346 94350 5296390 94346->94350 94354 5296381 94346->94354 94347 529456d 94351 52963d6 94350->94351 94352 52963e4 GetForegroundWindow 94351->94352 94353 529640c 94352->94353 94353->94347 94355 5296390 94354->94355 94356 52963e4 GetForegroundWindow 94355->94356 94357 529640c 94356->94357 94357->94347 94303 169fb30 94304 169fb98 CreateWindowExW 94303->94304 94306 169fc54 94304->94306 94307 8db2380 94309 8db2385 94307->94309 94308 8db23b0 94309->94308 94312 8db24f8 94309->94312 94310 8db23d4 94313 8db2508 94312->94313 94314 8db255e 94313->94314 94318 8db8d31 94313->94318 94322 8db8d38 94313->94322 94314->94310 94315 8db2559 
94315->94310 94319 8db8d7a 94318->94319 94320 8db8d80 SetWindowTextW 94318->94320 94319->94320 94321 8db8db1 94320->94321 94321->94315 94323 8db8d7a 94322->94323 94324 8db8d80 SetWindowTextW 94322->94324 94323->94324 94325 8db8db1 94324->94325 94325->94315 94358 8dbbe40 94359 8dbbe85 GetClassInfoW 94358->94359 94361 8dbbecb 94359->94361 94438 79b0040 94439 79b006d 94438->94439 94446 79bb4f0 3 API calls 94439->94446 94440 79b04bc 94449 79bd368 94440->94449 94441 79b0522 94444 8db0850 GetCurrentThreadId 94441->94444 94445 8db0840 GetCurrentThreadId 94441->94445 94442 79b0fdf 94452 8db1de8 94442->94452 94443 79b11ab 94444->94442 94445->94442 94446->94440 94450 79b9250 3 API calls 94449->94450 94451 79bd37f 94450->94451 94451->94441 94453 8db1dfd 94452->94453 94454 8db1e7e 94453->94454 94459 79bdb88 94453->94459 94463 79bfd30 94453->94463 94467 79bfe58 94453->94467 94470 79bfe48 94453->94470 94454->94443 94460 79bdb93 94459->94460 94474 79bfe80 94460->94474 94464 79bfd77 94463->94464 94466 79bfe80 3 API calls 94464->94466 94465 79bfe6c 94465->94454 94466->94465 94469 79bfe80 3 API calls 94467->94469 94468 79bfe6c 94468->94454 94469->94468 94471 79bfded 94470->94471 94471->94470 94473 79bfe80 3 API calls 94471->94473 94472 79bfe6c 94472->94454 94473->94472 94475 79bfe85 94474->94475 94478 79bff63 94475->94478 94479 79bff84 94478->94479 94481 79bd368 3 API calls 94479->94481 94480 79bfe6c 94480->94454 94481->94480 93404 8dbdef8 93405 8dbdefd 93404->93405 93414 8dbc9e0 93405->93414 93407 8dbdf0f 93408 8dbdf68 93407->93408 93409 8dbdf1d 93407->93409 93410 8dbdf42 93407->93410 93412 8db94f8 SendMessageW 93409->93412 93410->93408 93411 8db94f8 SendMessageW 93410->93411 93411->93408 93413 8dbdf39 93412->93413 93415 8dbc9e5 93414->93415 93416 8dbc9f2 93415->93416 93421 8dbcb6e 93415->93421 93425 8dbcbc1 93415->93425 93430 8dbcbe8 93415->93430 93416->93407 93417 8dbca0c 93417->93407 93422 8dbcb72 93421->93422 93422->93417 93423 8db94f8 SendMessageW 93422->93423 93424 8dbcc09 
93423->93424 93424->93417 93426 8dbcbd0 93425->93426 93427 8dbcbd5 93425->93427 93426->93417 93428 8db94f8 SendMessageW 93427->93428 93429 8dbcc09 93428->93429 93429->93417 93431 8dbcbf8 93430->93431 93432 8db94f8 SendMessageW 93431->93432 93433 8dbcc09 93432->93433 93433->93417 93434 adbc4f8 93435 adbc546 DrawTextExW 93434->93435 93437 adbc59e 93435->93437 93438 169d14d 93439 169d158 93438->93439 93442 8dbef60 93438->93442 93447 8dbef50 93438->93447 93444 8dbef65 93442->93444 93443 8dbefaf 93443->93439 93444->93443 93452 8dbf280 93444->93452 93457 8dbf270 93444->93457 93449 8dbef60 93447->93449 93448 8dbefaf 93448->93439 93449->93448 93450 8dbf280 28 API calls 93449->93450 93451 8dbf270 28 API calls 93449->93451 93450->93448 93451->93448 93453 8dbf285 93452->93453 93454 8dbf3d8 93453->93454 93462 14cd61b 93453->93462 93467 14cd60c 93453->93467 93454->93443 93458 8dbf280 93457->93458 93459 8dbf3d8 93458->93459 93460 14cd60c 28 API calls 93458->93460 93461 14cd61b 28 API calls 93458->93461 93459->93443 93460->93459 93461->93459 93463 14cd644 93462->93463 93464 14cd662 93463->93464 93472 8e90448 93463->93472 93500 8e90438 93463->93500 93464->93454 93471 14cd61b 93467->93471 93468 14cd662 93468->93454 93469 8e90448 28 API calls 93469->93471 93470 8e90438 28 API calls 93470->93471 93471->93468 93471->93469 93471->93470 93473 8e90478 93472->93473 93486 8e907a9 93473->93486 93528 8e9014c 93473->93528 93481 8e90808 93546 8f9812f 93481->93546 93550 8f98140 93481->93550 93482 8e90bcc 93554 8f988a8 93482->93554 93558 8f988b8 93482->93558 93483 8e90bef 93562 8f98a38 93483->93562 93566 8f98a28 93483->93566 93484 8e90bfc 93485 8e90e30 93484->93485 93570 5290190 93484->93570 93574 52901c0 93484->93574 93578 5291ec1 93485->93578 93583 5292202 93485->93583 93587 5292248 93485->93587 93593 5291e86 93485->93593 93599 5291ee0 93485->93599 93486->93463 93501 8e90478 93500->93501 93502 8e9014c MoveFileExW 93501->93502 93514 8e907a9 93501->93514 93503 8e907c5 93502->93503 93504 8e9015c 
28 API calls 93503->93504 93505 8e907de 93504->93505 93506 8e9016c 28 API calls 93505->93506 93507 8e907f8 93506->93507 93508 8e9017c 28 API calls 93507->93508 93509 8e90808 93508->93509 93515 8f9812f LdrInitializeThunk 93509->93515 93516 8f98140 LdrInitializeThunk 93509->93516 93510 8e90bcc 93517 8f988b8 LdrInitializeThunk 93510->93517 93518 8f988a8 LdrInitializeThunk 93510->93518 93511 8e90bef 93519 8f98a38 LdrInitializeThunk 93511->93519 93520 8f98a28 LdrInitializeThunk 93511->93520 93512 8e90bfc 93513 8e90e30 93512->93513 93521 5290190 2 API calls 93512->93521 93522 52901c0 2 API calls 93512->93522 93523 5292248 MoveFileExW 93513->93523 93524 5291ec1 MoveFileExW 93513->93524 93525 5291ee0 MoveFileExW 93513->93525 93526 5292202 MoveFileExW 93513->93526 93527 5291e86 MoveFileExW 93513->93527 93514->93463 93515->93510 93516->93510 93517->93511 93518->93511 93519->93512 93520->93512 93521->93513 93522->93513 93523->93514 93524->93514 93525->93514 93526->93514 93527->93514 93529 8e90157 93528->93529 93604 8e95ac9 93529->93604 93532 8e9015c 93533 8e90167 93532->93533 93627 8db7dc8 93533->93627 93635 8db7db9 93533->93635 93534 8e907de 93537 8e9016c 93534->93537 93538 8e90177 93537->93538 93539 8e907f8 93538->93539 93731 8e95d34 93538->93731 93541 8e9017c 93539->93541 93542 8e90187 93541->93542 93543 8e97324 93542->93543 93759 8e97397 93542->93759 93773 8e973a8 93542->93773 93543->93481 93547 8f98140 LdrInitializeThunk 93546->93547 93549 8f981b2 93547->93549 93549->93482 93551 8f9815c LdrInitializeThunk 93550->93551 93553 8f981b2 93551->93553 93553->93482 93555 8f988d4 LdrInitializeThunk 93554->93555 93557 8f9892a 93555->93557 93557->93483 93559 8f988d4 LdrInitializeThunk 93558->93559 93561 8f9892a 93559->93561 93561->93483 93563 8f98a5f LdrInitializeThunk 93562->93563 93565 8f98ab3 93563->93565 93565->93484 93567 8f98a38 LdrInitializeThunk 93566->93567 93569 8f98ab3 93567->93569 93569->93484 93571 5290196 93570->93571 93571->93485 93934 5290ba0 93571->93934 93572 
5290222 93572->93485 93575 52901c5 93574->93575 93577 5290ba0 2 API calls 93575->93577 93576 5290222 93576->93485 93577->93576 93580 5291ee0 93578->93580 93579 529212b 93580->93579 93957 5292628 93580->93957 93963 5292618 93580->93963 93969 5292228 93583->93969 93973 5292218 93583->93973 93584 5292216 93584->93486 93589 5292271 93587->93589 93588 5292275 93588->93486 93589->93588 93977 5292308 93589->93977 93981 5292318 93589->93981 93590 5292300 93590->93486 93594 5291e8a 93593->93594 93596 5291ef7 93593->93596 93594->93486 93595 529212b 93596->93595 93597 5292628 MoveFileExW 93596->93597 93598 5292618 MoveFileExW 93596->93598 93597->93596 93598->93596 93600 5291f0b 93599->93600 93601 529212b 93600->93601 93602 5292628 MoveFileExW 93600->93602 93603 5292618 MoveFileExW 93600->93603 93602->93600 93603->93600 93605 8e95ad0 93604->93605 93609 8e95f00 93605->93609 93616 8e95f10 93605->93616 93606 8e907c5 93606->93532 93610 8e95f3b 93609->93610 93614 8e95f00 MoveFileExW 93610->93614 93615 8e95f10 MoveFileExW 93610->93615 93611 8e95f59 93613 8e9600a 93611->93613 93623 8e95c04 93611->93623 93613->93606 93614->93611 93615->93611 93617 8e95f3b 93616->93617 93621 8e95f00 MoveFileExW 93617->93621 93622 8e95f10 MoveFileExW 93617->93622 93618 8e95f59 93619 8e95c04 MoveFileExW 93618->93619 93620 8e9600a 93618->93620 93619->93620 93620->93606 93621->93618 93622->93618 93625 8e96710 MoveFileExW 93623->93625 93626 8e967ac 93625->93626 93626->93613 93630 8db7dee 93627->93630 93628 8db7e02 93628->93534 93629 8db7eed 93629->93628 93631 8db79d4 SendMessageW 93629->93631 93630->93628 93643 169af58 93630->93643 93658 169af68 93630->93658 93673 169b3a0 93630->93673 93631->93628 93636 8db7dc8 93635->93636 93637 8db7e02 93636->93637 93640 169af68 28 API calls 93636->93640 93641 169af58 28 API calls 93636->93641 93642 169b3a0 28 API calls 93636->93642 93637->93534 93638 8db7eed 93638->93637 93639 8db79d4 SendMessageW 93638->93639 93639->93637 93640->93638 93641->93638 93642->93638 93644 
169af5c 93643->93644 93645 169af68 27 API calls 93644->93645 93646 169aff0 93644->93646 93647 169b1f7 93645->93647 93646->93629 93648 169b3f7 93647->93648 93654 169b34a 93647->93654 93693 169a0fc GetFocus 93647->93693 93650 169b49f 93648->93650 93652 169b40f 93648->93652 93655 169b50b 93650->93655 93694 169729c 93650->93694 93653 169b49a KiUserCallbackDispatcher 93652->93653 93652->93655 93653->93655 93654->93629 93655->93654 93685 169c048 93655->93685 93689 169c058 93655->93689 93659 169af69 93658->93659 93660 169af68 27 API calls 93659->93660 93661 169aff0 93659->93661 93662 169b1f7 93660->93662 93661->93629 93663 169b3f7 93662->93663 93669 169b34a 93662->93669 93729 169a0fc GetFocus 93662->93729 93665 169b49f 93663->93665 93667 169b40f 93663->93667 93666 169729c 27 API calls 93665->93666 93670 169b50b 93665->93670 93666->93670 93668 169b49a KiUserCallbackDispatcher 93667->93668 93667->93670 93668->93670 93669->93629 93670->93669 93671 169c048 27 API calls 93670->93671 93672 169c058 27 API calls 93670->93672 93671->93669 93672->93669 93674 169b3a5 93673->93674 93675 169b3f7 93674->93675 93681 169b6aa 93674->93681 93730 169a0fc GetFocus 93674->93730 93677 169b49f 93675->93677 93679 169b40f 93675->93679 93678 169729c 27 API calls 93677->93678 93682 169b50b 93677->93682 93678->93682 93680 169b49a KiUserCallbackDispatcher 93679->93680 93679->93682 93680->93682 93682->93681 93683 169c048 27 API calls 93682->93683 93684 169c058 27 API calls 93682->93684 93683->93681 93684->93681 93686 169c04c 93685->93686 93687 169729c 28 API calls 93686->93687 93688 169c0b9 93686->93688 93687->93688 93688->93654 93690 169c059 93689->93690 93691 169c0b9 93690->93691 93692 169729c 28 API calls 93690->93692 93691->93654 93692->93691 93693->93648 93695 16972a7 93694->93695 93698 169c2fc 93695->93698 93697 169cfaf 93697->93655 93700 169c307 93698->93700 93699 169d158 93699->93697 93700->93699 93703 169d082 93700->93703 93710 8dbbd58 93700->93710 93714 8dbbd57 93700->93714 93719 169d180 
93700->93719 93724 169d168 93700->93724 93701 169d121 93708 8dbef50 28 API calls 93701->93708 93709 8dbef60 28 API calls 93701->93709 93702 169c2fc 28 API calls 93702->93703 93703->93701 93703->93702 93708->93699 93709->93699 93712 169d168 LoadLibraryExW GetModuleHandleW 93710->93712 93713 169d180 LoadLibraryExW GetModuleHandleW 93710->93713 93711 8dbbd85 93712->93711 93713->93711 93715 8dbbd58 93714->93715 93717 169d168 LoadLibraryExW GetModuleHandleW 93715->93717 93718 169d180 LoadLibraryExW GetModuleHandleW 93715->93718 93716 8dbbd85 93717->93716 93718->93716 93721 169d181 93719->93721 93720 169d1bd 93720->93703 93721->93720 93722 169d4e8 LoadLibraryExW GetModuleHandleW 93721->93722 93723 169d4d8 LoadLibraryExW GetModuleHandleW 93721->93723 93722->93720 93723->93720 93725 169d174 93724->93725 93726 169d1bd 93725->93726 93727 169d4e8 LoadLibraryExW GetModuleHandleW 93725->93727 93728 169d4d8 LoadLibraryExW GetModuleHandleW 93725->93728 93726->93703 93727->93726 93728->93726 93729->93663 93730->93675 93732 8e95d3f 93731->93732 93733 8e97105 93732->93733 93734 8e97118 93732->93734 93739 169c1f8 93732->93739 93743 169ca30 93732->93743 93747 8db20e8 93733->93747 93751 8db20f8 93733->93751 93734->93539 93740 169c203 93739->93740 93741 169729c 28 API calls 93740->93741 93742 169cad5 93740->93742 93741->93742 93742->93733 93744 169ca3c 93743->93744 93745 169729c 28 API calls 93744->93745 93746 169cad5 93744->93746 93745->93746 93746->93733 93748 8db20f8 93747->93748 93755 8db056c 93748->93755 93750 8db210c 93750->93734 93752 8db2105 93751->93752 93753 8db056c KiUserCallbackDispatcher 93752->93753 93754 8db210c 93753->93754 93754->93734 93757 8db0577 93755->93757 93756 8db2150 93756->93750 93757->93756 93758 8db213c KiUserCallbackDispatcher 93757->93758 93758->93756 93762 8e973a8 93759->93762 93761 8e97539 93791 79ba488 93761->93791 93807 79ba6ba 93761->93807 93812 79ba477 93761->93812 93763 8e9746c 93762->93763 93828 8e95dec 93762->93828 93763->93761 93767 8e974cc 
GetCurrentThreadId 93763->93767 93768 8e974f7 93767->93768 93787 8e95dfc 93768->93787 93775 8e973ad 93773->93775 93774 8e9746c 93780 8e974cc GetCurrentThreadId 93774->93780 93783 8e97539 93774->93783 93775->93774 93776 8e95dec EnumThreadWindows 93775->93776 93776->93774 93777 8e95dec EnumThreadWindows 93778 8e97576 93777->93778 93778->93543 93779 8e9754a 93779->93777 93779->93778 93781 8e974f7 93780->93781 93782 8e95dfc EnumThreadWindows 93781->93782 93782->93783 93784 79ba6ba 27 API calls 93783->93784 93785 79ba488 27 API calls 93783->93785 93786 79ba477 27 API calls 93783->93786 93784->93779 93785->93779 93786->93779 93788 8e97690 EnumThreadWindows 93787->93788 93790 8e97710 93788->93790 93790->93761 93796 79ba48d 93791->93796 93792 79ba712 93792->93792 93793 79ba618 93797 169d168 2 API calls 93793->93797 93800 8dbbd58 2 API calls 93793->93800 93801 169d180 2 API calls 93793->93801 93802 8dbbd57 2 API calls 93793->93802 93843 8db8168 93793->93843 93863 8db8159 93793->93863 93794 79ba62e 93795 79ba6be 93794->93795 93883 8e99b10 93794->93883 93891 8e99b20 93794->93891 93796->93792 93796->93793 93796->93794 93833 8e97d38 93796->93833 93838 8e97d27 93796->93838 93797->93794 93800->93794 93801->93794 93802->93794 93808 79ba663 93807->93808 93809 79ba6be 93807->93809 93808->93807 93810 8e99b20 28 API calls 93808->93810 93811 8e99b10 28 API calls 93808->93811 93810->93808 93811->93808 93813 79ba488 93812->93813 93814 79ba712 93813->93814 93816 79ba62e 93813->93816 93817 8e97d38 2 API calls 93813->93817 93818 8e97d27 2 API calls 93813->93818 93821 79ba618 93813->93821 93814->93814 93815 79ba6be 93816->93815 93819 8e99b20 28 API calls 93816->93819 93820 8e99b10 28 API calls 93816->93820 93817->93813 93818->93813 93819->93816 93820->93816 93822 169d168 2 API calls 93821->93822 93823 8db8159 28 API calls 93821->93823 93824 8db8168 28 API calls 93821->93824 93825 8dbbd58 2 API calls 93821->93825 93826 169d180 2 API calls 93821->93826 93827 8dbbd57 2 API calls 93821->93827 
93822->93816 93823->93816 93824->93816 93825->93816 93826->93816 93827->93816 93831 8e95df7 93828->93831 93829 8e9761f 93829->93763 93830 8e976de EnumThreadWindows 93832 8e97710 93830->93832 93831->93829 93831->93830 93832->93763 93835 8e97d3d 93833->93835 93834 8e97daa 93834->93796 93835->93834 93899 8e98290 93835->93899 93904 8e98280 93835->93904 93840 8e97d38 93838->93840 93839 8e97daa 93839->93796 93840->93839 93841 8e98280 2 API calls 93840->93841 93842 8e98290 2 API calls 93840->93842 93841->93839 93842->93839 93844 8db81a1 93843->93844 93846 8db823f 93844->93846 93852 169d168 2 API calls 93844->93852 93853 169d180 2 API calls 93844->93853 93845 8db056c KiUserCallbackDispatcher 93847 8db82bd 93845->93847 93846->93845 93848 8db83d5 93847->93848 93850 8db05ac SendMessageW 93847->93850 93854 169c1f8 28 API calls 93848->93854 93855 8db8428 93848->93855 93856 169ca30 28 API calls 93848->93856 93849 8db843c 93851 8db83c7 93850->93851 93909 8e99a80 SetTimer 93851->93909 93911 8e99a30 93851->93911 93917 8e99a51 93851->93917 93922 8e99a79 93851->93922 93852->93846 93853->93846 93854->93855 93857 8db20f8 KiUserCallbackDispatcher 93855->93857 93858 8db20e8 KiUserCallbackDispatcher 93855->93858 93856->93855 93857->93849 93858->93849 93864 8db81a1 93863->93864 93866 8db823f 93864->93866 93873 169d168 2 API calls 93864->93873 93874 169d180 2 API calls 93864->93874 93865 8db056c KiUserCallbackDispatcher 93870 8db82bd 93865->93870 93866->93865 93867 8db83d5 93868 8db8428 93867->93868 93875 169c1f8 28 API calls 93867->93875 93876 169ca30 28 API calls 93867->93876 93877 8db20f8 KiUserCallbackDispatcher 93868->93877 93878 8db20e8 KiUserCallbackDispatcher 93868->93878 93869 8db843c 93870->93867 93871 8db05ac SendMessageW 93870->93871 93872 8db83c7 93871->93872 93879 8e99a79 SetTimer 93872->93879 93880 8e99a51 SetTimer 93872->93880 93881 8e99a80 SetTimer 93872->93881 93882 8e99a30 SetTimer 93872->93882 93873->93866 93874->93866 93875->93868 93876->93868 93877->93869 93878->93869 
93879->93867 93880->93867 93881->93867 93882->93867 93886 8e99b20 93883->93886 93884 8e99baf 93884->93794 93885 8e99b83 93885->93884 93887 79ba488 28 API calls 93885->93887 93888 79ba477 28 API calls 93885->93888 93886->93885 93925 8dbc061 93886->93925 93930 8dbc070 93886->93930 93887->93884 93888->93884 93894 8e99b25 93891->93894 93892 8e99baf 93892->93794 93893 8e99b83 93893->93892 93895 79ba488 28 API calls 93893->93895 93896 79ba477 28 API calls 93893->93896 93894->93893 93897 8dbc061 KiUserCallbackDispatcher 93894->93897 93898 8dbc070 KiUserCallbackDispatcher 93894->93898 93895->93892 93896->93892 93897->93893 93898->93893 93900 8e982a1 93899->93900 93901 8e982af 93900->93901 93902 169d168 2 API calls 93900->93902 93903 169d180 2 API calls 93900->93903 93901->93834 93902->93901 93903->93901 93905 8e982a1 93904->93905 93906 8e982af 93905->93906 93907 169d168 2 API calls 93905->93907 93908 169d180 2 API calls 93905->93908 93906->93834 93907->93906 93908->93906 93910 8e99aec 93909->93910 93910->93848 93912 8e99a40 93911->93912 93913 8e99a45 93911->93913 93912->93848 93914 8e99a5f 93913->93914 93915 8e99ad9 SetTimer 93913->93915 93914->93848 93916 8e99aec 93915->93916 93916->93848 93918 8e99a5f 93917->93918 93919 8e99ad0 SetTimer 93917->93919 93918->93848 93921 8e99aec 93919->93921 93921->93848 93923 8e99a80 SetTimer 93922->93923 93924 8e99aec 93923->93924 93924->93848 93927 8dbc09a 93925->93927 93926 8dbc0bc 93926->93885 93927->93926 93928 8dbc1aa 93927->93928 93929 8dbc17f KiUserCallbackDispatcher 93927->93929 93928->93885 93929->93928 93931 8dbc09a 93930->93931 93932 8dbc17f KiUserCallbackDispatcher 93931->93932 93933 8dbc0bc 93931->93933 93932->93933 93933->93885 93935 5290bad 93934->93935 93939 5290c19 93935->93939 93942 5290c28 93935->93942 93936 5290be8 93936->93572 93940 5290c36 93939->93940 93945 5290c51 93939->93945 93940->93936 93944 5290c51 2 API calls 93942->93944 93943 5290c36 93943->93936 93944->93943 93946 5290c6d 93945->93946 93947 5290c95 
93945->93947 93946->93940 93953 5290c51 GlobalMemoryStatusEx 93947->93953 93954 5290d38 93947->93954 93948 5290cb6 93948->93940 93949 5290cb2 93949->93948 93950 5290d7e GlobalMemoryStatusEx 93949->93950 93951 5290dae 93950->93951 93951->93940 93953->93949 93955 5290d7e GlobalMemoryStatusEx 93954->93955 93956 5290dae 93955->93956 93956->93949 93958 529263a 93957->93958 93959 5292670 93957->93959 93958->93959 93961 8e95f00 MoveFileExW 93958->93961 93962 8e95f10 MoveFileExW 93958->93962 93959->93580 93960 52926a6 93960->93580 93961->93960 93962->93960 93964 5292670 93963->93964 93965 529263a 93963->93965 93964->93580 93965->93964 93967 8e95f00 MoveFileExW 93965->93967 93968 8e95f10 MoveFileExW 93965->93968 93966 52926a6 93966->93580 93967->93966 93968->93966 93970 5292232 93969->93970 93972 5292248 MoveFileExW 93970->93972 93971 5292240 93971->93584 93972->93971 93974 5292232 93973->93974 93976 5292248 MoveFileExW 93974->93976 93975 5292240 93975->93584 93976->93975 93978 5292318 93977->93978 93985 5292380 93978->93985 93982 529232c 93981->93982 93984 5292380 MoveFileExW 93982->93984 93983 5292360 93983->93590 93984->93983 93987 52923b0 93985->93987 93986 529243b 93988 5292360 93986->93988 93990 5292380 MoveFileExW 93986->93990 93987->93986 93987->93988 93989 5292380 MoveFileExW 93987->93989 93991 5292628 MoveFileExW 93987->93991 93992 5292618 MoveFileExW 93987->93992 93988->93590 93989->93987 93990->93986 93991->93987 93992->93987 93993 5298300 93994 5298316 93993->93994 93995 529836d 93994->93995 93999 5298380 93994->93999 94005 5298390 93994->94005 93996 5298337 94001 5298390 93999->94001 94000 529840a 94000->93996 94011 79bb520 94001->94011 94015 79bb4f0 94001->94015 94021 79bb510 94001->94021 94007 52983b0 94005->94007 94006 529840a 94006->93996 94008 79bb510 KiUserCallbackDispatcher 94007->94008 94009 79bb520 KiUserCallbackDispatcher 94007->94009 94010 79bb4f0 3 API calls 94007->94010 94008->94006 94009->94006 94010->94006 94012 79bb525 94011->94012 94013 
79bb661 KiUserCallbackDispatcher 94012->94013 94014 79bb5d6 94012->94014 94013->94014 94016 79bb4f5 94015->94016 94019 79bb506 94016->94019 94026 79b9250 94016->94026 94018 79bb5d6 94019->94000 94019->94018 94020 79bb661 KiUserCallbackDispatcher 94019->94020 94020->94018 94022 79bb4ce 94021->94022 94023 79bb51e 94021->94023 94022->94000 94024 79bb5d6 94023->94024 94025 79bb661 KiUserCallbackDispatcher 94023->94025 94025->94024 94027 79b925b 94026->94027 94028 79bad00 94027->94028 94030 79bb510 KiUserCallbackDispatcher 94027->94030 94031 79bb520 KiUserCallbackDispatcher 94027->94031 94032 79bb4f0 3 API calls 94027->94032 94028->94019 94029 79bacca 94029->94019 94030->94029 94031->94029 94032->94029 94326 8db22b1 94327 8db22b6 94326->94327 94328 8db22da 94327->94328 94329 8db05ac SendMessageW 94327->94329 94330 8db05ac SendMessageW 94328->94330 94331 8db22cc 94329->94331 94332 8db22e6 94330->94332 94333 8db05bc SendMessageW 94331->94333 94334 8db05bc SendMessageW 94332->94334 94333->94328 94335 8db22f4 94334->94335 94362 529c786 94365 529abb4 94362->94365 94366 529abbf 94365->94366 94369 529cfa7 94366->94369 94370 529cff7 GetCurrentThreadId 94369->94370 94372 529d03d 94370->94372 94374 8e95dec EnumThreadWindows 94372->94374 94375 8e95dfc EnumThreadWindows 94372->94375 94377 8e975df 94372->94377 94373 529c793 94374->94373 94375->94373 94380 8e975f0 94377->94380 94378 8e9761f 94378->94373 94379 8e976de EnumThreadWindows 94381 8e97710 94379->94381 94380->94378 94380->94379 94381->94373 94033 5294618 94034 529462b 94033->94034 94042 8db0840 94034->94042 94053 8db0850 94034->94053 94035 529494d 94036 5294cda 94035->94036 94064 1698cd1 94035->94064 94069 169726c 94035->94069 94037 5294e7b 94044 8db0850 94042->94044 94043 8db08eb 94045 8db08f5 94043->94045 94051 8db0850 GetCurrentThreadId 94043->94051 94052 8db0840 GetCurrentThreadId 94043->94052 94044->94043 94046 8db0920 94044->94046 94045->94035 94050 8db0a24 94046->94050 94074 8db0464 94046->94074 94049 8db0464 
GetCurrentThreadId 94049->94050 94050->94035 94051->94045 94052->94045 94055 8db0865 94053->94055 94054 8db08eb 94056 8db08f5 94054->94056 94062 8db0850 GetCurrentThreadId 94054->94062 94063 8db0840 GetCurrentThreadId 94054->94063 94055->94054 94057 8db0920 94055->94057 94056->94035 94058 8db0464 GetCurrentThreadId 94057->94058 94061 8db0a24 94057->94061 94059 8db0a48 94058->94059 94060 8db0464 GetCurrentThreadId 94059->94060 94060->94061 94061->94035 94062->94056 94063->94056 94065 1698ce0 94064->94065 94066 1698f93 94065->94066 94078 79b8b30 94065->94078 94083 79b8b20 94065->94083 94066->94037 94070 1697277 94069->94070 94071 1698f93 94070->94071 94072 79b8b30 LoadLibraryExW 94070->94072 94073 79b8b20 LoadLibraryExW 94070->94073 94071->94037 94072->94071 94073->94071 94075 8db046f 94074->94075 94076 8db0d6f GetCurrentThreadId 94075->94076 94077 8db0a48 94075->94077 94076->94077 94077->94049 94079 79b8b58 94078->94079 94080 79b8b9b 94079->94080 94088 169d7c9 94079->94088 94092 169d7d0 94079->94092 94080->94066 94084 79b8b30 94083->94084 94085 79b8b9b 94084->94085 94086 169d7c9 LoadLibraryExW 94084->94086 94087 169d7d0 LoadLibraryExW 94084->94087 94085->94066 94086->94085 94087->94085 94090 169d7d0 94088->94090 94089 169d809 94089->94080 94090->94089 94096 169c428 94090->94096 94093 169d7d5 94092->94093 94094 169c428 LoadLibraryExW 94093->94094 94095 169d809 94093->94095 94094->94095 94095->94080 94097 169d9b0 LoadLibraryExW 94096->94097 94099 169da29 94097->94099 94099->94089 94482 1697598 94483 1697599 GetCurrentProcess 94482->94483 94485 1697629 94483->94485 94486 1697630 GetCurrentThread 94483->94486 94485->94486 94487 169766d GetCurrentProcess 94486->94487 94488 1697666 94486->94488 94489 16976a3 94487->94489 94488->94487 94493 1697768 94489->94493 94490 16976cb GetCurrentThreadId 94491 16976fc 94490->94491 94494 169776c 94493->94494 94495 16977e7 DuplicateHandle 94494->94495 94497 1697773 94494->94497 94496 1697876 94495->94496 94496->94490 94497->94490 94498 
1696d98 94499 1696d99 94498->94499 94500 1696db9 94499->94500 94503 1696e08 94499->94503 94509 1696ecf 94499->94509 94504 1696e0c 94503->94504 94515 169706b 94504->94515 94519 16970d0 94504->94519 94523 1697078 94504->94523 94505 1696f39 94505->94500 94510 1696ed4 94509->94510 94512 1697078 28 API calls 94510->94512 94513 169706b 28 API calls 94510->94513 94514 16970d0 28 API calls 94510->94514 94511 1696f39 94511->94500 94512->94511 94513->94511 94514->94511 94516 1697072 94515->94516 94518 16970bf 94516->94518 94527 1696ad0 94516->94527 94518->94505 94520 1697089 94519->94520 94521 16970bf 94520->94521 94522 1696ad0 28 API calls 94520->94522 94521->94505 94522->94521 94524 1697079 94523->94524 94525 1696ad0 28 API calls 94524->94525 94526 16970bf 94524->94526 94525->94526 94526->94505 94528 1696ad5 94527->94528 94530 1697dd8 94528->94530 94531 169725c 94528->94531 94530->94530 94532 1697267 94531->94532 94533 169726c LoadLibraryExW 94532->94533 94534 1697e47 94533->94534 94543 169af68 28 API calls 94534->94543 94544 169af58 28 API calls 94534->94544 94545 169b3a0 28 API calls 94534->94545 94547 169b5a4 94534->94547 94535 1697e56 94552 169728c 94535->94552 94537 1697e70 94538 169729c 28 API calls 94537->94538 94539 1697e77 94538->94539 94541 169d168 2 API calls 94539->94541 94542 169d180 2 API calls 94539->94542 94540 1697e81 94540->94530 94541->94540 94542->94540 94543->94535 94544->94535 94545->94535 94549 169b5c1 94547->94549 94548 169b6aa 94549->94548 94550 169c048 28 API calls 94549->94550 94551 169c058 28 API calls 94549->94551 94550->94548 94551->94548 94555 1697297 94552->94555 94553 169c1f8 28 API calls 94554 169c8ec 94553->94554 94554->94537 94555->94553 94556 169c8f1 94555->94556 94556->94537 94557 d926468 94558 d925c60 5 API calls 94557->94558 94559 d926477 94557->94559 94558->94559 94562 d9264ab 94559->94562 94566 d925c60 94559->94566 94563 d9264dd 94564 d925c60 5 API calls 94565 d9264fe 94564->94565 94567 d925c65 GetKeyState 94566->94567 94569 
d925cc0 GetKeyState 94567->94569 94571 d925d05 GetKeyState 94569->94571 94572 d925d4a GetKeyState 94571->94572 94574 d925d8f GetKeyState 94572->94574 94576 d925dd4 94574->94576 94576->94563 94576->94564 94382 8db8460 94383 8db8465 94382->94383 94384 8db847e 94383->94384 94385 8db84c0 94383->94385 94388 8db8483 94383->94388 94384->94388 94389 8db7b88 94384->94389 94385->94388 94393 8db7c28 94385->94393 94391 8db7b93 94389->94391 94390 8dbab4f 94390->94388 94391->94390 94392 8db056c KiUserCallbackDispatcher 94391->94392 94392->94390 94394 8db7c33 94393->94394 94395 8db7b88 KiUserCallbackDispatcher 94394->94395 94396 8dbb5a0 94395->94396 94396->94388

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 05293198: GetProcessWindowStation.USER32(?,?,?,?,00000E20,?,?,0529BFFB), ref: 052931F5
                                                                                        • GetCapture.USER32 ref: 0529C09E
                                                                                        • GetActiveWindow.USER32 ref: 0529C116
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ActiveCaptureProcessStation
                                                                                        • String ID:
                                                                                        • API String ID: 2779997428-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveCaptureWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2424615356-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID:
                                                                                        • API String ID: 2061451462-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 33b0f886a66116c195d11f437c4c9ccfea6db781834a397314e260837fde348f
                                                                                        • Instruction ID: 269818b9028964004582da46cafbffccf6a0d869b7f1854b7978ec6939079128
                                                                                        • Opcode Fuzzy Hash: 33b0f886a66116c195d11f437c4c9ccfea6db781834a397314e260837fde348f
                                                                                        • Instruction Fuzzy Hash: 84428D74B107058FDB24DF69C6A066EB7F2FFC8700B25886AE446D7692DB70EC818B51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1fd8e9e8839e1f44ca860bcef2657dadd83455b8d3dabb6fe3cb49a7d934f851
                                                                                        • Instruction ID: 759d679d166cfe71b2178a008efda3054e288e8cf71001375f095131101df674
                                                                                        • Opcode Fuzzy Hash: 1fd8e9e8839e1f44ca860bcef2657dadd83455b8d3dabb6fe3cb49a7d934f851
                                                                                        • Instruction Fuzzy Hash: 3932A274E01218CFEB68CFA9D994B9DBBB2FF89300F1481AAD809A7355DB345981CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2ce10cb2136114da0f071682f2c73286d97628992e312dc52a20f4011f9cca82
                                                                                        • Instruction ID: 1f509f8a63a58358ef924a60e6970e06e5dba3d588292b489f8781220c288407
                                                                                        • Opcode Fuzzy Hash: 2ce10cb2136114da0f071682f2c73286d97628992e312dc52a20f4011f9cca82
                                                                                        • Instruction Fuzzy Hash: 2DF1C774E00219CFDB14DFA9D584A9EBBF2BF88311F248169E448AB395D7319D81CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f6cde4746f1b9b03ae857efd11630307465754ce81ef379d93dd23b48b97df85
                                                                                        • Instruction ID: 66b5668e6965d024ea2e9f409ef6b4c0c6c9454a551727d6fb10f03a615ad356
                                                                                        • Opcode Fuzzy Hash: f6cde4746f1b9b03ae857efd11630307465754ce81ef379d93dd23b48b97df85
                                                                                        • Instruction Fuzzy Hash: 01F18078E01218CFDB68DFA9D954B9DBBB2FF89300F2081AAD809A7355DB355985CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4faa8a3b191068c25447ff143105d8b3cd95870afd68bc50885a4045dec8148c
                                                                                        • Instruction ID: cc3f38cff80c05bf35c4aca75f6c2293213e3c50597c246afa99d95d6d5e52ef
                                                                                        • Opcode Fuzzy Hash: 4faa8a3b191068c25447ff143105d8b3cd95870afd68bc50885a4045dec8148c
                                                                                        • Instruction Fuzzy Hash: 50E1B078E01218CFDB64DFA6D894A9DBBB2FF89300F2085AAD409A7355DB359D81CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 55e5691958db9b945db365db50734f5b6fd0f056e68178c102be7bbfe387e14c
                                                                                        • Instruction ID: f1504d2091e2ab9ee0f8b835a5559a5f8bae010055ca461b6958de26033c607d
                                                                                        • Opcode Fuzzy Hash: 55e5691958db9b945db365db50734f5b6fd0f056e68178c102be7bbfe387e14c
                                                                                        • Instruction Fuzzy Hash: C5E1C178E01218CFDB64CFA5D884A9DBBB2FF89300F2085AAD409A7355DB359D82CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c6176cea50bb2df88a8428fdc08531056dcc8a5aa94378b0835a4cb55e11203a
                                                                                        • Instruction ID: 64f546d4927450264153b009a3e5a1b7c7ccc6bb080e309f4b5823122fe0d3f3
                                                                                        • Opcode Fuzzy Hash: c6176cea50bb2df88a8428fdc08531056dcc8a5aa94378b0835a4cb55e11203a
                                                                                        • Instruction Fuzzy Hash: F1C14971E102098FDB18CFA9D4947AEFFB2BF88311F18C129E444AB396D7349985CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bed42a1ddd8aa77272e56a9cb04731583b7897cf9b5bf89a00c980f94947e304
                                                                                        • Instruction ID: 06c9b85412624d39aeaac831998ba42552923e81c909405a3e66819e848ef0ef
                                                                                        • Opcode Fuzzy Hash: bed42a1ddd8aa77272e56a9cb04731583b7897cf9b5bf89a00c980f94947e304
                                                                                        • Instruction Fuzzy Hash: 5D81B374E01218CFDB58DFBAD894A9DBBB2FF89300F60816AD409A7355DB359982CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 879818b10a4dfc5ca18aeb77c57673799cc012b87681ebd3da65c0a79b7b86b6
                                                                                        • Instruction ID: 93f7210b61ea41a54dc04eb542643d1e5de69c87b160b1c4296a421aad70b1b3
                                                                                        • Opcode Fuzzy Hash: 879818b10a4dfc5ca18aeb77c57673799cc012b87681ebd3da65c0a79b7b86b6
                                                                                        • Instruction Fuzzy Hash: 4A81B374E01218CFDB58DFAAD890A9DBBB2FF89300F60816AD419A7355DB359D82CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aad5b8642133ec52b74eb9dfbeac6eb661b70733e9ebb0a92336fc1dc5f38b6b
                                                                                        • Instruction ID: 70656c0ad71d7970006a21a85cbd49cbc3b8a0d46c9545388c531d375a54d8c4
                                                                                        • Opcode Fuzzy Hash: aad5b8642133ec52b74eb9dfbeac6eb661b70733e9ebb0a92336fc1dc5f38b6b
                                                                                        • Instruction Fuzzy Hash: A781B274E01218CFDB58DFAAD890A9DBBB2FF89300F60816AD409A7355DB359D82CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ad7d3a3606f8e54e82d39332c1750ec7200f87dbaa7c63560d6ffd0176adf5f2
                                                                                        • Instruction ID: 49ec84a512ff0d685a06c997b8f89410e59043a8e881f26c2ff4535f8c2b099e
                                                                                        • Opcode Fuzzy Hash: ad7d3a3606f8e54e82d39332c1750ec7200f87dbaa7c63560d6ffd0176adf5f2
                                                                                        • Instruction Fuzzy Hash: D581A374E01218CFDB58DFAAD890A9DBBB2FF89300F608169D419AB355DB359982CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c047dab01746cdbfa777c177856b03db1b196348937ce294cdb975789d65c61
                                                                                        • Instruction ID: 1a88523a6b1d284abbd8a6f7274810aee8da03c9727cfacf7df3281f41645851
                                                                                        • Opcode Fuzzy Hash: 2c047dab01746cdbfa777c177856b03db1b196348937ce294cdb975789d65c61
                                                                                        • Instruction Fuzzy Hash: A551E675E012588FDB58CFAAD95069DBBF2BFC9300F24C1AAC409BB254EB345986CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9b2c74bd1069c3f3f695b91dd8446142c2e9ab15193656b5e656902e6233e48d
                                                                                        • Instruction ID: 6a2549e0e0eafe2e6b695559240c5ac673000a1341004cd8bea9fa99f44f441c
                                                                                        • Opcode Fuzzy Hash: 9b2c74bd1069c3f3f695b91dd8446142c2e9ab15193656b5e656902e6233e48d
                                                                                        • Instruction Fuzzy Hash: E651CF74E01258DFDB18DFAAD890A9DBBB2BFCA300F14806AD419AB365DB355942CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b5d9371dc02b4ff19fa0c97f08b61bcb47661a5a5bdeb62116b716b55f0588d4
                                                                                        • Instruction ID: 9dd87ca43f0a901712c6687698788adf4389e66a239f2f81a39a7322859f4dd0
                                                                                        • Opcode Fuzzy Hash: b5d9371dc02b4ff19fa0c97f08b61bcb47661a5a5bdeb62116b716b55f0588d4
                                                                                        • Instruction Fuzzy Hash: 7251F175E00218DFDB18DFAAD890A9EBBB2BFC9300F10C16AD419AB365DB355942CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 36e26a0e8ab6669a2a2785814f2ee53df078358282d7b23ad902951f8f0fb12e
                                                                                        • Instruction ID: c0600dfed22a154c4323552e7f41d8ceed189af27d35d28944961f53281c53af
                                                                                        • Opcode Fuzzy Hash: 36e26a0e8ab6669a2a2785814f2ee53df078358282d7b23ad902951f8f0fb12e
                                                                                        • Instruction Fuzzy Hash: A751E275E01219CFDB58DFAAD88469DBBF2BF89300F20C16AD419AB255EB715982CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3984d034006aebafab58fd9813d98df1567fa1dfa029f55d2b90924f77f8f985
                                                                                        • Instruction ID: 52af52e1383586832c2ba8b7f7cc96e032ad435cc02f28e586667cb31b9efb86
                                                                                        • Opcode Fuzzy Hash: 3984d034006aebafab58fd9813d98df1567fa1dfa029f55d2b90924f77f8f985
                                                                                        • Instruction Fuzzy Hash: FA51E374E01209CFDB58DFAAD89069DBBF2BF89300F24C17AD419AB265EB715942CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 01697616
                                                                                        • GetCurrentThread.KERNEL32 ref: 01697653
                                                                                        • GetCurrentProcess.KERNEL32 ref: 01697690
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 016976E9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 01697616
                                                                                        • GetCurrentThread.KERNEL32 ref: 01697653
                                                                                        • GetCurrentProcess.KERNEL32 ref: 01697690
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 016976E9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01697867
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID: U
                                                                                        • API String ID: 3793708945-3372436214
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0169D78E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000014,?,?,04134358,031501AC,?,00000000), ref: 079BB67E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 08E974E4
                                                                                          • Part of subcall function 08E95DFC: EnumThreadWindows.USER32(?,00000000,?), ref: 08E97701
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$CurrentEnumWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2396873506-0
                                                                                        • Opcode ID: fe74e1d08d0f71b02863b14da543891f43de55d8db57998d964e1ef1ddac322a
                                                                                        • Instruction ID: ecd3f5c500887f0e9b5d12a9a844faff888a94e22ef43aeeb7f104361063280b
                                                                                        • Opcode Fuzzy Hash: fe74e1d08d0f71b02863b14da543891f43de55d8db57998d964e1ef1ddac322a
                                                                                        • Instruction Fuzzy Hash: 29615D75E002089FCF18DFA9E894A9EBBB6FF88301F20852DD455AB361DF74A845CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 08E974E4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentThread
                                                                                        • String ID:
                                                                                        • API String ID: 2882836952-0
                                                                                        • Opcode ID: 168b2fa12ea12e0f8d297cce42d210296e91891b12fa43b0eaa86167a12e315c
                                                                                        • Instruction ID: 559e8aafed245128a2f54ff0b73cdcd5c2ad32e1cda95bf93fb7ce4c290b005c
                                                                                        • Opcode Fuzzy Hash: 168b2fa12ea12e0f8d297cce42d210296e91891b12fa43b0eaa86167a12e315c
                                                                                        • Instruction Fuzzy Hash: B5513D75E002089FCF18DFA9E894A9EBBB6FF88301F20812DD455AB364DF74A845CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 8bde6fa617edd92d40adb66a49738bfbc1884339ab18dfdc719d20d1c6aea67b
                                                                                        • Instruction ID: 3d2cd8ba53673de66137d8feb7fb3a489d8288ea677af6069a50422d2a35f24d
                                                                                        • Opcode Fuzzy Hash: 8bde6fa617edd92d40adb66a49738bfbc1884339ab18dfdc719d20d1c6aea67b
                                                                                        • Instruction Fuzzy Hash: 6761C2B4E01258CFDB54DFA9D480A8DBBB2FF89301F248169D815AB365DB35AC82CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 62d8c8c31bddd0677241fb4aa8b9fa4c526ac53c19856ef0b26dda10e0e43857
                                                                                        • Instruction ID: d5038a06b18d9185ea063c0b34b7baf4f0e027163d35adcc36217010e9053b3b
                                                                                        • Opcode Fuzzy Hash: 62d8c8c31bddd0677241fb4aa8b9fa4c526ac53c19856ef0b26dda10e0e43857
                                                                                        • Instruction Fuzzy Hash: B661C2B4E01218CFDB54DFA9D480A9DBBB2FF89301F248169D815AB354DB35AC82CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e27662e6064ddfd0c7059ea6d4cadca5d60eb5392db322197179944b419a74b7
                                                                                        • Instruction ID: 4e28cb936208216c4dca88c745f7895874a54fdc82ab89fc4f89ba3d29451479
                                                                                        • Opcode Fuzzy Hash: e27662e6064ddfd0c7059ea6d4cadca5d60eb5392db322197179944b419a74b7
                                                                                        • Instruction Fuzzy Hash: 48412172D103598FDB04CFB9D80439ABBF5EF89220F14866AD448A7240EB78A841CBE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: ec36722f27ec363a9e8adafefb363a48bc40197a9b8149b98a40cf10c9d8726a
                                                                                        • Instruction ID: d4ee429a9f28a82394afe1239895f18e440b9d182e66b0e28e3a639c774642a7
                                                                                        • Opcode Fuzzy Hash: ec36722f27ec363a9e8adafefb363a48bc40197a9b8149b98a40cf10c9d8726a
                                                                                        • Instruction Fuzzy Hash: A451F474E00208DFDB54DFA5D498A9DBBB2FF8A305F204469D415AB3A4DB39AC82CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000003,00000000,00000000,00000000,00000000,00000000,00000000), ref: 08DBC190
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        • Opcode ID: 02743ea8c2b063893dc8fb77cf1e9ff93782d94331ee49af959a306b88b01ef6
                                                                                        • Instruction ID: 4c80ca4e357bd6913b7ff213aa9f6f19f985cc54211c2c7f21eadef597ecf26e
                                                                                        • Opcode Fuzzy Hash: 02743ea8c2b063893dc8fb77cf1e9ff93782d94331ee49af959a306b88b01ef6
                                                                                        • Instruction Fuzzy Hash: 23414875B10204DFDB04DF69C895AAEBBF5FF882A1F1441A9E506EB361DA31EC41CB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 878290863246f91d7774445c099140b92bac60279efe0552c6a6acca91d92e46
                                                                                        • Instruction ID: 7ff4857557b8d3d32c60abe82e8f319ec2e64529a2cbad8bb77f5d9c6195abed
                                                                                        • Opcode Fuzzy Hash: 878290863246f91d7774445c099140b92bac60279efe0552c6a6acca91d92e46
                                                                                        • Instruction Fuzzy Hash: 7E510574E00208DFDB54DFA5D494A9DBBB2FF89305F208429D415AB354DB35AC82CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 08E97701
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2941952884-0
                                                                                        • Opcode ID: 51f2c5c8a2441bf3934581e003d161fbd165693c268bb2203033e4eff12a7b78
                                                                                        • Instruction ID: 9c5d1ed1ac446e02a7f9c2a99d54c67f675a53f6b5821ac08c60c8839be80d6c
                                                                                        • Opcode Fuzzy Hash: 51f2c5c8a2441bf3934581e003d161fbd165693c268bb2203033e4eff12a7b78
                                                                                        • Instruction Fuzzy Hash: D941E372A002199FDB14CFAAD844BEEBBF5EF88310F14842EE458E7341CB789945CB65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0169FC42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        • Opcode ID: 3907ff0ddd557466ea05f1cc09690ab3a24c09e6fdee626f129e5252cf6f7ed2
                                                                                        • Instruction ID: 0d601cc99d6255f12d462299fc1f4463bd833ca0c14abbf3de0acbdd51f1e2e3
                                                                                        • Opcode Fuzzy Hash: 3907ff0ddd557466ea05f1cc09690ab3a24c09e6fdee626f129e5252cf6f7ed2
                                                                                        • Instruction Fuzzy Hash: D5419CB1D10259DFDB14CF9AC884ADEBFB5BF48310F25816AE819AB210D775A885CF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3997379079.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8f90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e4b14c96389b78794edbde9199e059b66ff3dad71a05a8185140cb12dba09243
                                                                                        • Instruction ID: feee57e397a34cf189a463e691708a94873f332cd353b3d8b5b26a574e94f3a9
                                                                                        • Opcode Fuzzy Hash: e4b14c96389b78794edbde9199e059b66ff3dad71a05a8185140cb12dba09243
                                                                                        • Instruction Fuzzy Hash: 874145B4E00248DFDB54DFA5E494A9DBBB2FF8A301F248569D411AB3A4DB395C82CF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bf50e2891a2a3caee275113ee9cc33d00d8d60d6358a4fe1da852c56d03aaa8a
                                                                                        • Instruction ID: 858bd9ca82ddf98b35fd05b1b9ab28809900e6d45e06f84929da8f3a083e0c8c
                                                                                        • Opcode Fuzzy Hash: bf50e2891a2a3caee275113ee9cc33d00d8d60d6358a4fe1da852c56d03aaa8a
                                                                                        • Instruction Fuzzy Hash: 98413676900249AFDB01CF99D844AEEBFF9EF48310F14806AE915A7321C335AA14DFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2558294473-0
                                                                                        • Opcode ID: d1ddcebb9937720dbf83eb9e8ea1018355455d6a86535375db616cffaf9c2049
                                                                                        • Instruction ID: 529e6a01041472ad70cbb6f97840f29f8e0771071383a2f5e668ff918a08bb9c
                                                                                        • Opcode Fuzzy Hash: d1ddcebb9937720dbf83eb9e8ea1018355455d6a86535375db616cffaf9c2049
                                                                                        • Instruction Fuzzy Hash: 9631BA75920345CFEB60CFAAD889BEEBBF5BF84314F258029D41BA6241C7799084CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(0000004B), ref: 0169A2FD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID:
                                                                                        • API String ID: 4116985748-0
                                                                                        • Opcode ID: 99b9c7cb197ad5d74c8439c762a9a1535bae5d97f68e8a04726d1e676acdd4d8
                                                                                        • Instruction ID: 9e3ec5b51e5886f04b50baf22f07557581a3265a58423d2c909f62f36f5b63ee
                                                                                        • Opcode Fuzzy Hash: 99b9c7cb197ad5d74c8439c762a9a1535bae5d97f68e8a04726d1e676acdd4d8
                                                                                        • Instruction Fuzzy Hash: 0131DF70814394CFEF11CFEAE9453A97FF8AB55700F08809AE588A7382DB399644DF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetProcessWindowStation.USER32(?,?,?,?,00000E20,?,?,0529BFFB), ref: 052931F5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProcessStationWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3348185895-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000003,00000000,00000000,?,?,?,00000000), ref: 05296DB6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetProcessWindowStation.USER32(?,?,?,?,00000E20,?,?,0529BFFB), ref: 052931F5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProcessStationWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3348185895-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0ADBC58F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DrawText
                                                                                        • String ID:
                                                                                        • API String ID: 2175133113-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • MoveFileExW.KERNEL32(?,00000000,?), ref: 08E9679D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileMove
                                                                                        • String ID:
                                                                                        • API String ID: 3562171763-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0ADBC58F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DrawText
                                                                                        • String ID:
                                                                                        • API String ID: 2175133113-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 08DB4496
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExtentPoint32Text
                                                                                        • String ID:
                                                                                        • API String ID: 223599850-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08DBBEBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID:
                                                                                        • API String ID: 3534257612-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 08DB4496
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExtentPoint32Text
                                                                                        • String ID:
                                                                                        • API String ID: 223599850-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0529D02A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentThread
                                                                                        • String ID:
                                                                                        • API String ID: 2882836952-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 08E97701
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2941952884-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01697867
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08DBBEBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID:
                                                                                        • API String ID: 3534257612-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,940523E7), ref: 052963F9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ForegroundWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2020703349-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,940523E7), ref: 052963F9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: ForegroundWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2020703349-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0169D809,00000800,00000000,00000000), ref: 0169DA1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0169D809,00000800,00000000,00000000), ref: 0169DA1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08DB8DA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 530164218-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,0ADB536F,00000000,04134358,031501AC,00000000,?), ref: 0ADB5ACD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08DB8DA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 530164218-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 05290D9F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3968053514.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_5290000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalMemoryStatus
                                                                                        • String ID:
                                                                                        • API String ID: 1890195054-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 0ADB5730
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 0ADB5730
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,0ADB536F,00000000,04134358,031501AC,00000000,?), ref: 0ADB5ACD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000018,00000001,?), ref: 08DBC675
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,08DBA5F9,?,?,00000000), ref: 08DBA66D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000018,00000001,?), ref: 08DBC675
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,08DBA5F9,?,?,00000000), ref: 08DBA66D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0169D78E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Timer
                                                                                        • String ID:
                                                                                        • API String ID: 2870079774-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0ADB5427), ref: 0ADB5F9D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID:
                                                                                        • API String ID: 2061451462-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3994026979.0000000008E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8e90000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: Timer
                                                                                        • String ID:
                                                                                        • API String ID: 2870079774-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,?,?), ref: 0169FDD5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3898602753.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_1690000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1378638983-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0ADB5427), ref: 0ADB5F9D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4004547106.000000000ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_adb0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID:
                                                                                        • API String ID: 2061451462-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08DB2142
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08DB2142
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3992385782.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_8db0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b46426d912468b3693df94f6ffe9fd597dc34d845bfbe7e2ecfc394de354c15c
                                                                                        • Instruction ID: 24d119a25f8917bf35fff44bd5237ff92bffbed12a8be002272217e9b514eed9
                                                                                        • Opcode Fuzzy Hash: b46426d912468b3693df94f6ffe9fd597dc34d845bfbe7e2ecfc394de354c15c
                                                                                        • Instruction Fuzzy Hash: 4131E478E012099FDB04CFA9E854AEEBBB2FF89310F10416AE915A73A1DB745940CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3895830212.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_14cd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: afcf7bc1adec23a2963dd96414fa8425565119862da9435cc94fe87c00289676
                                                                                        • Instruction ID: a00b0484b174863f3da630c03a2fdb777ac2ce2dae20889d1a3979ed70dcc718
                                                                                        • Opcode Fuzzy Hash: afcf7bc1adec23a2963dd96414fa8425565119862da9435cc94fe87c00289676
                                                                                        • Instruction Fuzzy Hash: 25212479900204DFDB45DF94D9C0B27BB65FB98718F20817EE9090B366C336D446CAE2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae907e0cb21f1d1e92464cd1b275b6921d3136757b42d89aaca9538cb198218e
                                                                                        • Instruction ID: ad72303d3bad5a6ce2f358f0720c0103da7c0756bec4d1398dd3bed0c9a3e3b2
                                                                                        • Opcode Fuzzy Hash: ae907e0cb21f1d1e92464cd1b275b6921d3136757b42d89aaca9538cb198218e
                                                                                        • Instruction Fuzzy Hash: 51210375504208DFDB15DFA4D8C0B26BBB1FB84318F24C969D8090F246D33AD407CA62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5df488751dfe7f78ece42fa668080e5c4878fb57d71b8c273a18cbf0348fbfa4
                                                                                        • Instruction ID: 68e2ee03600f5f9417f348ba8250d5988d36b155dc252cbec7e19004437e2853
                                                                                        • Opcode Fuzzy Hash: 5df488751dfe7f78ece42fa668080e5c4878fb57d71b8c273a18cbf0348fbfa4
                                                                                        • Instruction Fuzzy Hash: 8821F571504284EFDB05DF94D9C0B65FBB5FB84328F24C96DE8094F252C336D846CA62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a26acf1e559922ee1cbab11978b68c71a410f4f8db43f7c8aaf0b6a1267094b3
                                                                                        • Instruction ID: e361bdb9cc7157b57a60fb5098184c0af6fb642f3df7c5178e175048d9f12e38
                                                                                        • Opcode Fuzzy Hash: a26acf1e559922ee1cbab11978b68c71a410f4f8db43f7c8aaf0b6a1267094b3
                                                                                        • Instruction Fuzzy Hash: 82213BB1504244DFDB11DF54D8C0B6ABBB5FB8432CF24C56DD8090F286C37AD446CA62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 02ffe7c6509d15dee744f483854fa72cf4476da2a8935884468b6f46a0a06d54
                                                                                        • Instruction ID: 5029ce9344dcf9769eea3b6c26d95745056bb20d8e395701af889d612d46d096
                                                                                        • Opcode Fuzzy Hash: 02ffe7c6509d15dee744f483854fa72cf4476da2a8935884468b6f46a0a06d54
                                                                                        • Instruction Fuzzy Hash: 912123B1505244DFD704DF58D5C0B6AFBB4FBC4618F24C569D8090F246C33AD806CAA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d1edcf21c55af99a9038ae8353f6cbb7ea5696cd57c7a6e239a6e61a1121ed4e
                                                                                        • Instruction ID: cbfadedc7f841e1054b031c1b7763579931641b7dde81dc3ef51ef6579566a85
                                                                                        • Opcode Fuzzy Hash: d1edcf21c55af99a9038ae8353f6cbb7ea5696cd57c7a6e239a6e61a1121ed4e
                                                                                        • Instruction Fuzzy Hash: 25217C755093849FCB02CF24D9D0715BF71FB46218F28C5EAD8498F6A7C33A980ACB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3895830212.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_14cd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 36dba3e712238e0a66f9469a116caccf835c09763754274a0d957b5f10e5b951
                                                                                        • Instruction ID: 17b579e50524d09bf17a4634fd4cb8f34dedecd1f3010f5daeaf7acf5f50cd6f
                                                                                        • Opcode Fuzzy Hash: 36dba3e712238e0a66f9469a116caccf835c09763754274a0d957b5f10e5b951
                                                                                        • Instruction Fuzzy Hash: 58218176504280DFCB06CF54D9C4B16BF61FB88714F2486AAD9490A666C33AD456CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3895830212.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_14cd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                                        • Instruction ID: 38980e2c5a49e75017fdf407277b4eaaa3cf517d5305ca4ec37688796ece41b4
                                                                                        • Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                                        • Instruction Fuzzy Hash: 7F11DF76904240DFCB02CF44D9C0B16BF71FB94318F2486AED8090B267C33AD456CBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 869cc0ce70971982474f6ad2aefb08a6bb72618cd8a29f972102a10908a7e944
                                                                                        • Instruction ID: 6a30d7f9ddc315a3706a21f7c08a8bb073a76b42a240d1aa6e7a20836dc1dcd9
                                                                                        • Opcode Fuzzy Hash: 869cc0ce70971982474f6ad2aefb08a6bb72618cd8a29f972102a10908a7e944
                                                                                        • Instruction Fuzzy Hash: 9601F1353112144FEB086B7D946862D37E7EFCAA11B2544AEE506CB3A2CE60CC06C7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8105b7342b500aa66ef78a97f096d2d3a5243bcbef2a865e82fe99f2b7ed96d5
                                                                                        • Instruction ID: 49551e171cc7e538e90bb4d314d432254975d1413d08b02de4e779bf952ec79b
                                                                                        • Opcode Fuzzy Hash: 8105b7342b500aa66ef78a97f096d2d3a5243bcbef2a865e82fe99f2b7ed96d5
                                                                                        • Instruction Fuzzy Hash: 4E01C4617193964FE7131A70791031A3FA1AF86641F1A40EAD808CB2D3DF688C0683A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                                        • Instruction ID: 267ff1d09025da6be301e8491c31c67cd72147a22b1a30a8e39403053615af80
                                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                                        • Instruction Fuzzy Hash: 8E11BB75904280DFCB02CF54C5C0B19FFB1FB84228F24C6A9D8494F696C33AD44ACB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                                        • Instruction ID: f72b3d1904f6849bdcec8ad3fe561c231ddbb68912e67439825ecabfd4797dda
                                                                                        • Opcode Fuzzy Hash: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                                        • Instruction Fuzzy Hash: 23118E75504280DFDB12CF54D5C4B59BB71FB84228F24C6AAD8494B696C33AD44ACB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3896872627.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_15bd000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 929cd43f58b2ef54ffe1233cb7e90d3c55c56ec0023e0b4b31723b2ed3ccaa0c
                                                                                        • Instruction ID: b343e087a87e99f5cdf393a0cda048d139b263ded304afbc71f33e96a241c537
                                                                                        • Opcode Fuzzy Hash: 929cd43f58b2ef54ffe1233cb7e90d3c55c56ec0023e0b4b31723b2ed3ccaa0c
                                                                                        • Instruction Fuzzy Hash: A211E371505680DFD712CF14D5C0759FFB1FB84218F24C6AAD8494B657C33AD44ACB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 687b16c037874e08bafde7b8a03c011d8361ed94e178b8c41826303654310bb8
                                                                                        • Instruction ID: e44a6331c5f99040a384eb721f78780b8b807b67ba5a7f5646d809b12e710eb1
                                                                                        • Opcode Fuzzy Hash: 687b16c037874e08bafde7b8a03c011d8361ed94e178b8c41826303654310bb8
                                                                                        • Instruction Fuzzy Hash: AF019E3466E3518BE7258EB8A52433A3B75FBC0741F484869E002CB1C7CB64C900C756
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 069a99e46daf38bd3db4953a6883bafb946c063394acffbe11c2aebf44d17ba8
                                                                                        • Instruction ID: 3949f2326279e0feb95f36c900d9e22a99e28b7ed6dc404ed244ae79ef05b3d3
                                                                                        • Opcode Fuzzy Hash: 069a99e46daf38bd3db4953a6883bafb946c063394acffbe11c2aebf44d17ba8
                                                                                        • Instruction Fuzzy Hash: B4F090327645108FD704DB3DEA98C587BF6EF8D62131A81BAF109CB3B2DA20DC148B50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetKeyState.USER32(00000001), ref: 0D925CAD
                                                                                        • GetKeyState.USER32(00000002), ref: 0D925CF2
                                                                                        • GetKeyState.USER32(00000004), ref: 0D925D37
                                                                                        • GetKeyState.USER32(00000005), ref: 0D925D7C
                                                                                        • GetKeyState.USER32(00000006), ref: 0D925DC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4038147090.000000000D920000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D920000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_d920000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: State
                                                                                        • String ID:
                                                                                        • API String ID: 1649606143-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetKeyState.USER32(00000001), ref: 0D925CAD
                                                                                        • GetKeyState.USER32(00000002), ref: 0D925CF2
                                                                                        • GetKeyState.USER32(00000004), ref: 0D925D37
                                                                                        • GetKeyState.USER32(00000005), ref: 0D925D7C
                                                                                        • GetKeyState.USER32(00000006), ref: 0D925DC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4038147090.000000000D920000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D920000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_d920000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID: State
                                                                                        • String ID:
                                                                                        • API String ID: 1649606143-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4038147090.000000000D920000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D920000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_d920000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9985db2c4197f884cf79638d65ccd50a57f7d3844f2d92400366427a6a4c5e26
                                                                                        • Instruction ID: c88635dd0d7ad18cad154e6b4104ae8eb54d6a17b9490fb4f8156fd3cea5db87
                                                                                        • Opcode Fuzzy Hash: 9985db2c4197f884cf79638d65ccd50a57f7d3844f2d92400366427a6a4c5e26
                                                                                        • Instruction Fuzzy Hash: 2461C578A01219CFDB14DFA4D958BEDB7B2FB89300F1084A9D90A673A0DB355E81DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a7e3904c870dbfcee37e8e09a82610620d470ede0a10c2b88b8c09fb517a0751
                                                                                        • Instruction ID: 0782b8e0e476b31dc7598ff6de076dc7b07ee59059b67cc13f0640f33d270f89
                                                                                        • Opcode Fuzzy Hash: a7e3904c870dbfcee37e8e09a82610620d470ede0a10c2b88b8c09fb517a0751
                                                                                        • Instruction Fuzzy Hash: E141C0B0A05209DFC715DFA8C944AEEBBF5BF8A304F1445EAD044AB391CB349E49CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3be7520a9096c53b5aad1770e401472971c553b02fb16065810c024aec963a29
                                                                                        • Instruction ID: adc8e165f686d17753416fabd8950fd851ce715da91803601ba08918bbbd647f
                                                                                        • Opcode Fuzzy Hash: 3be7520a9096c53b5aad1770e401472971c553b02fb16065810c024aec963a29
                                                                                        • Instruction Fuzzy Hash: A44169B0D05209DFDB24DFA8C584BEDBBB2BF86314F5045EAD004A7291C7349E85DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6b42a94760c71029a8e32c21a3d4a1011ac8b2c939e83e1584bb57c2f5c7c393
                                                                                        • Instruction ID: 456de78819a7721d30c707ee2d3a1765d92383c3568f6d1c6ac63c19c9017287
                                                                                        • Opcode Fuzzy Hash: 6b42a94760c71029a8e32c21a3d4a1011ac8b2c939e83e1584bb57c2f5c7c393
                                                                                        • Instruction Fuzzy Hash: BF3185B0D05209EFDB64DFA8C988BEDBBB1BF86314F6045A9D044A7291DB309E85DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c60904f2245390a55cdee511d28ea237500b65b1a1e45fa7074664e813adc9d
                                                                                        • Instruction ID: b2e7bd33dad82f8c5a79f429346141df71fc7350cd4519031003a26c4b6f9b11
                                                                                        • Opcode Fuzzy Hash: 6c60904f2245390a55cdee511d28ea237500b65b1a1e45fa7074664e813adc9d
                                                                                        • Instruction Fuzzy Hash: DC3197B0D01209EFCB65DFA8C544BEDBBF1BF4A304F2485A9C044AB291DB349B89DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 86b22ed70df102e41ee7d31e2607bcf4ed67326413dac06aabfe9c749b00dd32
                                                                                        • Instruction ID: 3a2c77bc21b5d40a0e2e3c7581b3b6440ad7b68a47a8b53e5db5691baec7f5b3
                                                                                        • Opcode Fuzzy Hash: 86b22ed70df102e41ee7d31e2607bcf4ed67326413dac06aabfe9c749b00dd32
                                                                                        • Instruction Fuzzy Hash: C3316DB0D05249DFCB14DFA8C984BEDBBB5BF86305F1441AAD410BB391D7349A85DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 78857e5bacbb6c2b1b6dfa6142507d74b914b4ce11ecc2ab73669a6077aa31bc
                                                                                        • Instruction ID: f27638d4372c1274bcf80fc0d15c13f9abfaca3bbebaafe71a50cfedaa389c12
                                                                                        • Opcode Fuzzy Hash: 78857e5bacbb6c2b1b6dfa6142507d74b914b4ce11ecc2ab73669a6077aa31bc
                                                                                        • Instruction Fuzzy Hash: F03188B0E05209DFCB24DFA8CA44BEEBBF5BF4A314F1045A9C004B7291C734AA45DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bbca485010b5a80a6746b80832ef5a7c6b46ef7a16873b01d943d758c5e99f93
                                                                                        • Instruction ID: 42cc44f56c771456d08361e84e3e94e7477ef351b65769a46ce650e77589cecc
                                                                                        • Opcode Fuzzy Hash: bbca485010b5a80a6746b80832ef5a7c6b46ef7a16873b01d943d758c5e99f93
                                                                                        • Instruction Fuzzy Hash: 6E2189B0A05209EFDB15DFA4C944BEEBBB5BF8A305F1442E9D014A7291C7349F85DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 346effa10c51d7646315c9ed45599786e6b8e348d9c4dbf10821267744ce1b74
                                                                                        • Instruction ID: 2e184f2b3bcc7395ef1e14eb0c7c642474b31e51e27ced44e707f7fc7700a832
                                                                                        • Opcode Fuzzy Hash: 346effa10c51d7646315c9ed45599786e6b8e348d9c4dbf10821267744ce1b74
                                                                                        • Instruction Fuzzy Hash: 42212AB0D05209DFCB14DFA4CA44BEDB7F5BF89305F1045A9D004AB391C7349A84DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3988273778.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_79b0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.4000726988.00000000093F2000.00000002.00000001.01000000.0000000F.sdmp, Offset: 093F0000, based on PE: true
                                                                                        • Associated: 00000007.00000002.4000634021.00000000093F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                        • Associated: 00000007.00000002.4003630000.0000000009452000.00000002.00000001.01000000.0000000F.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_93f0000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3999969376.0000000009200000.00000040.00000800.00020000.00000000.sdmp, Offset: 09200000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_9200000_DRMS_Tender_No.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:11.1%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:45
                                                                                        Total number of Limit Nodes:2

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7466c459f15e2d345a6f4468803014478fab74510b0fe4727791f3a994ac101a
                                                                                        • Instruction ID: 7e67815072b1d89447fb1381db3673f55544e5fd3136faca47839104a1a5e259
                                                                                        • Opcode Fuzzy Hash: 7466c459f15e2d345a6f4468803014478fab74510b0fe4727791f3a994ac101a
                                                                                        • Instruction Fuzzy Hash: 6F81B974E05218CFDB68DFA5D890B9DB7B2BF89300F5081AAD809A7354DB319E86DF11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bec63a9c1b28bf12e9abbf160a7ad00cea76fbdfa116508b572bc653eb0d750f
                                                                                        • Instruction ID: b65dd75867eefa7196b8a28cdc8b9bd6ccf8acf6f3f3ec0c95ef48bbc5415c06
                                                                                        • Opcode Fuzzy Hash: bec63a9c1b28bf12e9abbf160a7ad00cea76fbdfa116508b572bc653eb0d750f
                                                                                        • Instruction Fuzzy Hash: 10512C74E05209CFDB68CFA5D85179DBBB2FB88300F20856AD819BB354DB319A46CF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6494a89008dcd5083a125f08c2ef1244ddc67f01b223054fc173b972bb2266a8
                                                                                        • Instruction ID: c52cb44808db3031af3703bff4beb05ad381b2f866d29199e10014c6dd53935f
                                                                                        • Opcode Fuzzy Hash: 6494a89008dcd5083a125f08c2ef1244ddc67f01b223054fc173b972bb2266a8
                                                                                        • Instruction Fuzzy Hash: 6D510B74E05209DFDB68CFA5D89179DBBB2FB88300F20856AD419BB354DB319946CF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02B3B4DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        • Opcode ID: e0219495fb8bf440b7d05d52b218ad7ffc2fbd97cfc72fe0f90dc79a1270a24e
                                                                                        • Instruction ID: 188849983d6894a95ef2e21b15b9dfaf7515d3c34f829d8fd699cf6d597265ab
                                                                                        • Opcode Fuzzy Hash: e0219495fb8bf440b7d05d52b218ad7ffc2fbd97cfc72fe0f90dc79a1270a24e
                                                                                        • Instruction Fuzzy Hash: DD817870A00B048FD725DF6AD44579ABBF1FF88308F048A6DE09AD7A54DB74E949CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 66 2b344c4-2b359b9 CreateActCtxA 69 2b359c2-2b35a1c 66->69 70 2b359bb-2b359c1 66->70 77 2b35a2b-2b35a2f 69->77 78 2b35a1e-2b35a21 69->78 70->69 79 2b35a31-2b35a3d 77->79 80 2b35a40 77->80 78->77 79->80 82 2b35a41 80->82 82->82
                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02B359A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        • Opcode ID: 42013515d7d95de462679cc709fe6f1be1ff683a9e83ff969439e1d7e1154ff6
                                                                                        • Instruction ID: 69544238e12eebb0ec76dffd39cb568177f99dab40786ef2a3135e467a362d41
                                                                                        • Opcode Fuzzy Hash: 42013515d7d95de462679cc709fe6f1be1ff683a9e83ff969439e1d7e1154ff6
                                                                                        • Instruction Fuzzy Hash: E241D2B0C00719DFEB25CFA9C884B8EBBF5BF49304F60806AD418AB251DB756949CF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 83 2b358ec-2b359b9 CreateActCtxA 85 2b359c2-2b35a1c 83->85 86 2b359bb-2b359c1 83->86 93 2b35a2b-2b35a2f 85->93 94 2b35a1e-2b35a21 85->94 86->85 95 2b35a31-2b35a3d 93->95 96 2b35a40 93->96 94->93 95->96 98 2b35a41 96->98 98->98
                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02B359A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        • Opcode ID: 14fca9be7305b2e1a080064e14aa1edb9845ebcbc6f3a691a6fd0573054c0ce6
                                                                                        • Instruction ID: 97ab70d8819fa7249a7940ead2735b013540d30ad5a74add7e4cf1aa1b755393
                                                                                        • Opcode Fuzzy Hash: 14fca9be7305b2e1a080064e14aa1edb9845ebcbc6f3a691a6fd0573054c0ce6
                                                                                        • Instruction Fuzzy Hash: 7941D1B1C00729CFEB25CFA9C885BCEBBB5BF49304F60816AD418AB251DB756949CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 99 2b3d0b0-2b3d7fc DuplicateHandle 101 2b3d805-2b3d822 99->101 102 2b3d7fe-2b3d804 99->102 102->101
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B3D72E,?,?,?,?,?), ref: 02B3D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: c68f6dc3879590b08f22ecff358634483ee50e8e712f394c4e88acbf92844546
                                                                                        • Instruction ID: edd6304c99056a963b59db2047ee5d7bca2dadb0ab97b3e03bf1da8005045650
                                                                                        • Opcode Fuzzy Hash: c68f6dc3879590b08f22ecff358634483ee50e8e712f394c4e88acbf92844546
                                                                                        • Instruction Fuzzy Hash: D821E4B5900349EFDB10CFAAD984ADEBBF8EB48310F14845AE914A7350D378A944CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 105 2b3d760-2b3d762 106 2b3d768-2b3d7fc DuplicateHandle 105->106 107 2b3d805-2b3d822 106->107 108 2b3d7fe-2b3d804 106->108 108->107
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B3D72E,?,?,?,?,?), ref: 02B3D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: c94a15bdd516666b41c1e0d0c6ccbe843cfcd0d1bda6b3dd4addaaf04ed1116f
                                                                                        • Instruction ID: 47bfdf19b43de72a3f1dee34de71ccb230c9bd846852418ce23186c570b32abb
                                                                                        • Opcode Fuzzy Hash: c94a15bdd516666b41c1e0d0c6ccbe843cfcd0d1bda6b3dd4addaaf04ed1116f
                                                                                        • Instruction Fuzzy Hash: 7721E3B5900249EFDB10CFAAD984ADEBBF8EB48310F14845AE954A3350D378A944CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 111 2b3ac90-2b3b740 113 2b3b742-2b3b745 111->113 114 2b3b748-2b3b777 LoadLibraryExW 111->114 113->114 115 2b3b780-2b3b79d 114->115 116 2b3b779-2b3b77f 114->116 116->115
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B3B559,00000800,00000000,00000000), ref: 02B3B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 23579108626fb7325e190e28e29caf3c1fbbc85cfac7f5053f73f63a26cf06c7
                                                                                        • Instruction ID: 88c519cf25ad44ab44d96fc68edddf780a0fa3e3d3635c7a2785c7cb9ab19d42
                                                                                        • Opcode Fuzzy Hash: 23579108626fb7325e190e28e29caf3c1fbbc85cfac7f5053f73f63a26cf06c7
                                                                                        • Instruction Fuzzy Hash: 3A1114B6900308DFDB11CF9AD884BDEFBF4EB48714F10846AE419A7200C375A545CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 119 2b3b6f8-2b3b740 120 2b3b742-2b3b745 119->120 121 2b3b748-2b3b777 LoadLibraryExW 119->121 120->121 122 2b3b780-2b3b79d 121->122 123 2b3b779-2b3b77f 121->123 123->122
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B3B559,00000800,00000000,00000000), ref: 02B3B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 9851b200a9874e780d93dbec3265d6f32b752c7b5f81f22e6405e9cd51412108
                                                                                        • Instruction ID: 6f9b2eb88d6732b44d0650fdf15bf955c5223f073a9d2c4a4b803f48d6302400
                                                                                        • Opcode Fuzzy Hash: 9851b200a9874e780d93dbec3265d6f32b752c7b5f81f22e6405e9cd51412108
                                                                                        • Instruction Fuzzy Hash: 721103B6900248DFDB15CFAAD544ADEBBF4EB48314F14845ED419A7200C379A545CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 126 2b3b478-2b3b4b8 127 2b3b4c0-2b3b4eb GetModuleHandleW 126->127 128 2b3b4ba-2b3b4bd 126->128 129 2b3b4f4-2b3b508 127->129 130 2b3b4ed-2b3b4f3 127->130 128->127 130->129
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02B3B4DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1491448268.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_2b30000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        • Opcode ID: ab7db6ad681271051f37ddef59c469ddb73fdfb9bbfacf6851b724675922ecf8
                                                                                        • Instruction ID: 30272f607c09d4b7d167ad7646279ac6a6453c18ec6b06a3948a3519731cbc5b
                                                                                        • Opcode Fuzzy Hash: ab7db6ad681271051f37ddef59c469ddb73fdfb9bbfacf6851b724675922ecf8
                                                                                        • Instruction Fuzzy Hash: 98110FB6C006498FDB20CF9AD444ADEFBF4EF88328F14845AD829A7200C375A545CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 132 51ecc80-51eccb2 135 51eccb4-51eccfc 132->135 136 51ecd03-51ecd05 132->136 135->136 137 51ecd0d-51ecd0f 136->137 139 51ecd4f-51ecd54 137->139 140 51ecd11-51ecd47 call 51ec8ec 137->140 140->139
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: K=m^
                                                                                        • API String ID: 0-2134298072
                                                                                        • Opcode ID: 14e4192d02c6f924426a32af3e66e19f1ca5488a5f23d2ffaac2dbf895566974
                                                                                        • Instruction ID: 49df1712678539e9b0a710233d3b564d96c971466547ec857938de89e98afbb9
                                                                                        • Opcode Fuzzy Hash: 14e4192d02c6f924426a32af3e66e19f1ca5488a5f23d2ffaac2dbf895566974
                                                                                        • Instruction Fuzzy Hash: C6119D703043048FD718EB79D885B9AB7A6FB85318F20892DE1198B390DF71AC05CBD1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 149 51ecc90-51eccb2 151 51eccb4-51eccfc 149->151 152 51ecd03-51ecd05 149->152 151->152 153 51ecd0d-51ecd0f 152->153 155 51ecd4f-51ecd54 153->155 156 51ecd11-51ecd47 call 51ec8ec 153->156 156->155
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: K=m^
                                                                                        • API String ID: 0-2134298072
                                                                                        • Opcode ID: 521132aec273d0c22b6d7c02fbda1bf84da105cd8842559f3eed4795fb34e6dd
                                                                                        • Instruction ID: 540910599974acb8174355a2cbb409392ba6cd685e3ae08fb379d7f7b764908d
                                                                                        • Opcode Fuzzy Hash: 521132aec273d0c22b6d7c02fbda1bf84da105cd8842559f3eed4795fb34e6dd
                                                                                        • Instruction Fuzzy Hash: 3C119070704705CFD718AB79D884A9AB7A6FF85218B10893DE1198B390DF71AD05CBD1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5371796c0105ca2af856776ff4986fa9c08e846a306f0dc2cd08aead2c75f0ae
                                                                                        • Instruction ID: f5726401587b2b17e227cbdf3be93af35dc300bcbc4d1097cf1397111c7e1202
                                                                                        • Opcode Fuzzy Hash: 5371796c0105ca2af856776ff4986fa9c08e846a306f0dc2cd08aead2c75f0ae
                                                                                        • Instruction Fuzzy Hash: DE62FF70E00F81CBEB749F749588BADBAA5FB45B00F34491ED4BECA2C5DB3498818B55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5650ef761338d3258aeafbff703162ce3179239338e468b5f30fef0a20b05ee6
                                                                                        • Instruction ID: 40dc0a2cfd0fe0c6c3c3bf74af9da95aae2ede9bfba5604348f34260764abdc6
                                                                                        • Opcode Fuzzy Hash: 5650ef761338d3258aeafbff703162ce3179239338e468b5f30fef0a20b05ee6
                                                                                        • Instruction Fuzzy Hash: D3420230D10A19CFCF15EFA8D8456ECBBB1BF49300F518699D5497B264EB30AA99CF81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: edf24f6e5993f53eecafc044abd02a1360279fc7e3d3a0f257558fb6f5df8122
                                                                                        • Instruction ID: 26ce6f00b451dd489edd9def2a26cf6810fd26ca02e6e036e75640e26ee3123f
                                                                                        • Opcode Fuzzy Hash: edf24f6e5993f53eecafc044abd02a1360279fc7e3d3a0f257558fb6f5df8122
                                                                                        • Instruction Fuzzy Hash: 82225FB0E05F82CBE7B45F648684F9EB690FB05710F34491BC4FECA299E73494869B49
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c743e6c563e4d68b7c5d833474097c37be3a3481241eb4742e80d7adf5076bdd
                                                                                        • Instruction ID: 5203cefdd7c01f4745752ce7985bd36d37711fbe72a6c1ba34eae09c71a2b445
                                                                                        • Opcode Fuzzy Hash: c743e6c563e4d68b7c5d833474097c37be3a3481241eb4742e80d7adf5076bdd
                                                                                        • Instruction Fuzzy Hash: 5DB12834B006148FDB18DF69C498AADBBF6BF89711F1544A9E416EB3A1CB31EC42CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4ce691ef7be72e10bf1763c5c54f6442cac1b2d62dce6970b2e4da6250532f07
                                                                                        • Instruction ID: 6a783ba98027918f772c550855d480f11507174664be14211cd3513936c79460
                                                                                        • Opcode Fuzzy Hash: 4ce691ef7be72e10bf1763c5c54f6442cac1b2d62dce6970b2e4da6250532f07
                                                                                        • Instruction Fuzzy Hash: E881C138710A148FCB14EF28D498A6D7BF6BF89B05B2641A9E506DB375DB71EC41CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 272c0dd56f3239df233508942832c7ea3655d4bb7605d06228a9c11736632f4f
                                                                                        • Instruction ID: e9dff26d39a06a05160f7cb3ff8a256dcee2c603baec00ffbfbc837d806fb079
                                                                                        • Opcode Fuzzy Hash: 272c0dd56f3239df233508942832c7ea3655d4bb7605d06228a9c11736632f4f
                                                                                        • Instruction Fuzzy Hash: 0181A530E10A09DFCB15EF68E4486EDBBB2FF45304F51446DE446AB2A4EB70D9A5CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 98e2af6fd88d77c9ff24aee116fbdde3c16327019bf9043635345e19bc47a056
                                                                                        • Instruction ID: 75db6296f3996adc1e09c265d23f157a4e299b379744634f5b0d90bbc12198fc
                                                                                        • Opcode Fuzzy Hash: 98e2af6fd88d77c9ff24aee116fbdde3c16327019bf9043635345e19bc47a056
                                                                                        • Instruction Fuzzy Hash: 94711635B046088FDB05EBA8C5A49ADB7F2BF89314F6544A9D402BB3A1CB35ED41CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7f03e53fc4fce1b47edf7552f0dd735ba0e093b9501fa9ee15154e54779c05d1
                                                                                        • Instruction ID: b6a5acca32352491b2b3e53ecce29c28810c69fdd10037f092d9436c1162b6ae
                                                                                        • Opcode Fuzzy Hash: 7f03e53fc4fce1b47edf7552f0dd735ba0e093b9501fa9ee15154e54779c05d1
                                                                                        • Instruction Fuzzy Hash: 1E718D30F00609CFDB15DFA9C8586AEBBB6FF88304F158169E406A7391EB349985CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8d053f8ad7e47a21606787be70400253852eb4349eaa9d35c54afb27484a0f6
                                                                                        • Instruction ID: 4d4c6740d0f925172cad82dd3affdd02d4ddae37c34472ab078154c7a12369a1
                                                                                        • Opcode Fuzzy Hash: e8d053f8ad7e47a21606787be70400253852eb4349eaa9d35c54afb27484a0f6
                                                                                        • Instruction Fuzzy Hash: 48518C35310A108FDB14EF79D499A6EB7E7BFC8A04B164568E906CB361DF75EC058B80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 209562988a3027f699c2251a4665b5a9e099f395f2725413cfd744ddc624c914
                                                                                        • Instruction ID: 876d271d95a6adfe1c201fb2fe88cb2b99b7fe12132a291bae8c0c086cdaaf0d
                                                                                        • Opcode Fuzzy Hash: 209562988a3027f699c2251a4665b5a9e099f395f2725413cfd744ddc624c914
                                                                                        • Instruction Fuzzy Hash: 56719E74A01609EFCB15DFA9D884DAEBBB6FF88314B114498F901AB361DB71EC81CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c1ab74a44c6e9e5ec0781c1c26324704e1793965803dedb00b41e71a4717f1a9
                                                                                        • Instruction ID: 4ef6d1fb0fd7663dbd1cef13ec31bdf75b666fe80a412b4ccd740dcc4d5b3da4
                                                                                        • Opcode Fuzzy Hash: c1ab74a44c6e9e5ec0781c1c26324704e1793965803dedb00b41e71a4717f1a9
                                                                                        • Instruction Fuzzy Hash: 2B51A032B00A098FDF01CF64EC44AEEB3B6FF85704F458465E915AB262DB35E906CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bc076d6a2b49395b373c56e736d9e216392901386d956848c70ab20a4a5028d5
                                                                                        • Instruction ID: 5964b512a63e246cf7d61d389e5eeb783c499145e5854d008b1e28117afe614c
                                                                                        • Opcode Fuzzy Hash: bc076d6a2b49395b373c56e736d9e216392901386d956848c70ab20a4a5028d5
                                                                                        • Instruction Fuzzy Hash: A7517175E106099FDB14DFAAC849AAFBFF9EFC8210F10841AE455E3350DB749945CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5f5df41e42d8da7e6b64e44b5d0863789b16267c9a9b8aab0baf54fc01937746
                                                                                        • Instruction ID: cf1d299ce24fefbc9dbb464044b95ae3a9243338a8afeec4c6339aa00cb77f86
                                                                                        • Opcode Fuzzy Hash: 5f5df41e42d8da7e6b64e44b5d0863789b16267c9a9b8aab0baf54fc01937746
                                                                                        • Instruction Fuzzy Hash: 6941E575B006058BDB15AFA8C45977F7AFAEFC8210F608928E406E73C5CF788D458B95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c91dd5cc5cf487760ac4b01bff61190750e89dfe503f4f0f939d41e9783503a9
                                                                                        • Instruction ID: 3be3affa0426d8abe46355c0bd867b78d6e6dfeed27b46165bd0c2cafefb72c8
                                                                                        • Opcode Fuzzy Hash: c91dd5cc5cf487760ac4b01bff61190750e89dfe503f4f0f939d41e9783503a9
                                                                                        • Instruction Fuzzy Hash: B3319E30E12618EFCB15DFA0E584ADDBBB2FF84311F218569E48267655CB319D65CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7cb430518c31addeeb4b906b056ee73f6901940e646cdc08493c2d9d26ca8898
                                                                                        • Instruction ID: 74204431e1897184eb46e2b8e9fec6ef1b448283d45407203662f8dd5443fd64
                                                                                        • Opcode Fuzzy Hash: 7cb430518c31addeeb4b906b056ee73f6901940e646cdc08493c2d9d26ca8898
                                                                                        • Instruction Fuzzy Hash: DA417DB5A007089FDB14DFA9D844B9EBBF9FF88310F108469E41AA7351CB35A945CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%


                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1ab3d27d42330c038b00c64c9e8a62c8a80390cef6479fbb6fee999625ee5d79
                                                                                        • Instruction ID: 9aa97b88bb8a0e3e6f4b1f642026e9b433177ef3fcc9e32b0b2e669d6bf97f96
                                                                                        • Opcode Fuzzy Hash: 1ab3d27d42330c038b00c64c9e8a62c8a80390cef6479fbb6fee999625ee5d79
                                                                                        • Instruction Fuzzy Hash: C1316A70A10606CFDB48DFA8C848EAABBF1FF44300F118469E905EB361EB71D944CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4f5d12ec38c8779f7a1bdfa0d45edeb5692fac4598334551331ea2b0af862ce5
                                                                                        • Instruction ID: 7f50cb5c57df2976c8f3f62ffb799a54460fe974a81799b5fcbbd8c4915f7d5f
                                                                                        • Opcode Fuzzy Hash: 4f5d12ec38c8779f7a1bdfa0d45edeb5692fac4598334551331ea2b0af862ce5
                                                                                        • Instruction Fuzzy Hash: FF219476F101059FDB11DBAAC844EFFBBFAAFC8200F14851AE554D3255EB709A028790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ca1de05377d287357e0ce22ba132af02a483a3be54a014489edb7c3228aa539d
                                                                                        • Instruction ID: 51a2f6b693f9edfeae8ebfee3ff1338adeff40ec80130c99f22a7bbc85d56b03
                                                                                        • Opcode Fuzzy Hash: ca1de05377d287357e0ce22ba132af02a483a3be54a014489edb7c3228aa539d
                                                                                        • Instruction Fuzzy Hash: A4210631E04A15DBCB29AB68CC881BABB72FF81304F51496AD486B7244FB31DD618BD1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 423730c67c49c1ad4b4a0bc0d92508bd28ee9d0d04752ee71621d8e7c2a27b53
                                                                                        • Instruction ID: 4daf7b4d0d1ee3a2c64d71ec8a5052584334b73c51ea6cf686c56d6010a91f0e
                                                                                        • Opcode Fuzzy Hash: 423730c67c49c1ad4b4a0bc0d92508bd28ee9d0d04752ee71621d8e7c2a27b53
                                                                                        • Instruction Fuzzy Hash: D521AB71A046448FC715DFA8C484A9EBBF6FF8A304F2540AAD509AB352CB31DD46CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6416780c5f0ecbd4a7ca31e864c45b309cb9c99f6e1a1ce31f76042200f61058
                                                                                        • Instruction ID: eb63cf2a070e9a887046d9b991b97760d66938fe9f8499486d5afe8c5fa3b3ed
                                                                                        • Opcode Fuzzy Hash: 6416780c5f0ecbd4a7ca31e864c45b309cb9c99f6e1a1ce31f76042200f61058
                                                                                        • Instruction Fuzzy Hash: 6121E1766042008FC715DB79D8888ABBFF6EF85204B1488ADE509DB355EF75EC098B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9906dfa0c233319f2aaa5f3deea264dcd1e621392ef68b0454e3ac1e0feeeca4
                                                                                        • Instruction ID: 928a283ec33fe152401d3f13aeed7bcbfabaf8e8eec1bd51115938d9b932fa48
                                                                                        • Opcode Fuzzy Hash: 9906dfa0c233319f2aaa5f3deea264dcd1e621392ef68b0454e3ac1e0feeeca4
                                                                                        • Instruction Fuzzy Hash: 2121F879710B119FD734CE38C4A6B66B7F6FB45210F040E29E1BAC7641D770E8858B80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ad2a8bfb03e2a58d4670cb0fe612db280cb89a262f93dec6c0ff990071653372
                                                                                        • Instruction ID: 107be2dda8d45c26c12d1ede3bba297d103e01939903526d803375211afa5449
                                                                                        • Opcode Fuzzy Hash: ad2a8bfb03e2a58d4670cb0fe612db280cb89a262f93dec6c0ff990071653372
                                                                                        • Instruction Fuzzy Hash: B721C479610B159FD734CF38C4A6B66B7FAFB45210F040E29E1AACB641D770E8898B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490878017.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fad000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 37f68bd2fca9a197eb5564c3f0eea25fe550e1faac9aa4a171ae7d096628c965
                                                                                        • Instruction ID: 822a853c7886d02a1dffaa53e1d4cc93e8fe2ae0e3ff28455d61ec6300e35c60
                                                                                        • Opcode Fuzzy Hash: 37f68bd2fca9a197eb5564c3f0eea25fe550e1faac9aa4a171ae7d096628c965
                                                                                        • Instruction Fuzzy Hash: 982128B6500304DFDB04DF14D9C0B16BB65FB99324F24C169EC0A0F656C336E856EAA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490878017.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fad000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4cad896fb49c2b5e3f0f7865a5a96321a005f26f45733f86a9cdfa1236d9e1aa
                                                                                        • Instruction ID: a81f512c6cfbf9eaac407ba204c78b79e445510c1f024b96db449db3bd880180
                                                                                        • Opcode Fuzzy Hash: 4cad896fb49c2b5e3f0f7865a5a96321a005f26f45733f86a9cdfa1236d9e1aa
                                                                                        • Instruction Fuzzy Hash: 522128B2D00244DFDB15DF14D9C0B26BF65FB89328F28C569E8060B656C336D856EBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b28bd112fcb72bae778c40e8c830e0bf1d6236e7866524014c6727f63b833d83
                                                                                        • Instruction ID: 6e6325995e4bb05f19e45e20bf881230ec3d6e2e1db514892301f43059dbd1e1
                                                                                        • Opcode Fuzzy Hash: b28bd112fcb72bae778c40e8c830e0bf1d6236e7866524014c6727f63b833d83
                                                                                        • Instruction Fuzzy Hash: B921F3313006109FD305ABB9D884D6FBBAAFFC5700F41896DE0458B294EF74AD45CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 207b22bc93495b3c73e400b62893d427fffb3d6ec653223d2d3ad1c7b4d08b46
                                                                                        • Instruction ID: 71b2e21346cf4c3040e778535d29bdfe7f333528c0a4eb892c75eef050a0a77c
                                                                                        • Opcode Fuzzy Hash: 207b22bc93495b3c73e400b62893d427fffb3d6ec653223d2d3ad1c7b4d08b46
                                                                                        • Instruction Fuzzy Hash: 11214835610610CFC7149F28C858EA9B7F6FF89700F1549A9E406EB362CB75AC41CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e619fa5494938ab28c06224f71d92235ea3e00d4f22c34ae995e3a36d519b5f
                                                                                        • Instruction ID: 914f02b5f7267ae6cdba52376e547a613e27df9efda7d6ec58d3cc6943232a46
                                                                                        • Opcode Fuzzy Hash: 9e619fa5494938ab28c06224f71d92235ea3e00d4f22c34ae995e3a36d519b5f
                                                                                        • Instruction Fuzzy Hash: A521DE313006109FD305EBA9E884E6FBBAAFFC9700F41896DE0458B294DF74AD45CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b085667297ed2554073ba0dad335263fcc53dc9f429b3f0a676f84c079a18c20
                                                                                        • Instruction ID: d884e10a4badabc8ecc612e3f1a02bc74e8068136aad5b7ceb72accc4b1c6119
                                                                                        • Opcode Fuzzy Hash: b085667297ed2554073ba0dad335263fcc53dc9f429b3f0a676f84c079a18c20
                                                                                        • Instruction Fuzzy Hash: 99212C343006108FDB24DB7DD854F6A73EABF85714B1584A9E506CB3A1DBBAEC86CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490932974.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fbd000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 494b31d907f16f6b8be7eb8eefe1dc86fad57731a6076c68eea829e152142cff
                                                                                        • Instruction ID: 61138eb26aefcc4bede59009afd0dd7ef403553bb233727d3b6f8497021f3822
                                                                                        • Opcode Fuzzy Hash: 494b31d907f16f6b8be7eb8eefe1dc86fad57731a6076c68eea829e152142cff
                                                                                        • Instruction Fuzzy Hash: C8212576A04304DFDB14EF24D880B16BB61FB84324F24C569D80A0B24AD336D807DE63
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490932974.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fbd000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 125f74f4625c5dd9068e5624a815e74b0f2237b142abc73255ca44893d560d41
                                                                                        • Instruction ID: ad46151c4dd32d82014363dd1739747335c7852b1f930d0d67257ebd5285d477
                                                                                        • Opcode Fuzzy Hash: 125f74f4625c5dd9068e5624a815e74b0f2237b142abc73255ca44893d560d41
                                                                                        • Instruction Fuzzy Hash: 7B212571904284EFDB04DF15D9C0B25BB61FB84324F20C56DE8094B242D336D806DE63
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490932974.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fbd000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490878017.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fad000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • Instruction Fuzzy Hash: 6D21D3B5900648DFDB20CF9AD884BDEBBF8FB48310F14841AE919A7310D379A944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490932974.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fbd000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                                        • Instruction ID: 1ec80a3de92fb2d7aa989d9ec378985a08dce8c667f54bf3f57e94f5e67ce77b
                                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                                        • Instruction Fuzzy Hash: A1118B75904280DFCB15CF10D9C4B55FFA1FB84324F24C6A9D8494B696D33AD84ADF62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 79ded1bbd2e65090d9a63a866d0b359ca4b1e1fdec7bdfb0c2a39a678ce169a5
                                                                                        • Instruction ID: 5788d9569057fb3689cbc38a3871230423f6439f416c46a198fe24b689be52cb
                                                                                        • Opcode Fuzzy Hash: 79ded1bbd2e65090d9a63a866d0b359ca4b1e1fdec7bdfb0c2a39a678ce169a5
                                                                                        • Instruction Fuzzy Hash: DF111839700A109FCB24DE19C584E7AB3B7BF84710F55892DE69687750D776F881CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 71389033f9afbee51b602ed6c3ce78dd55c6be99410218dd45459e53df78d565
                                                                                        • Instruction ID: 92a4e361681601db7ca4a53b96d932d11ca042e8d8a7bb0af4adb60907924446
                                                                                        • Opcode Fuzzy Hash: 71389033f9afbee51b602ed6c3ce78dd55c6be99410218dd45459e53df78d565
                                                                                        • Instruction Fuzzy Hash: B0018F3271494047EB3D94689CD07ABA383E7C8611F6E456AA107DB2C4DF64ACC54260
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 693c2b8f33d84cd1d406c05ed6d74a783fd45fbb8f6cbc8991603a4b10153b2b
                                                                                        • Instruction ID: a057e3f3a208084790b0dec398897a4909796491c3f7ee906553cfd6e0a55003
                                                                                        • Opcode Fuzzy Hash: 693c2b8f33d84cd1d406c05ed6d74a783fd45fbb8f6cbc8991603a4b10153b2b
                                                                                        • Instruction Fuzzy Hash: 570140343186519FC711D768D894B697BE6EFCA610F1940E6E505CB3A1CF64DC828B61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e67682e32b61854ecb49a95ceb7bcd7fde57137f99b07d2c7489321d0949f26b
                                                                                        • Instruction ID: 8b3bff77b76f0737aced7217092984b5b633b8283f8b2dafed4b2e40434a2fdd
                                                                                        • Opcode Fuzzy Hash: e67682e32b61854ecb49a95ceb7bcd7fde57137f99b07d2c7489321d0949f26b
                                                                                        • Instruction Fuzzy Hash: 0A01A23270495047EB3DD569DCC176BB393EBC9211F6E456AD106DB2C8DF70B8C64660
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a9046432abcee2fc4e4000e40af880617d9863be1b3554dd7d407e27b12ae3b4
                                                                                        • Instruction ID: a560a8697c2254031631b633f06dda07e5e8f4291b7e9ac34a7aa324cd4461c5
                                                                                        • Opcode Fuzzy Hash: a9046432abcee2fc4e4000e40af880617d9863be1b3554dd7d407e27b12ae3b4
                                                                                        • Instruction Fuzzy Hash: 68114574A00606CFCB50DFA8C185A9EBBF6FF48704F2500A9D405A7350CB32E942CFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 83a2b8f961446855902e9950caccbb43b9b37de958b75fc2450773b292f5d62a
                                                                                        • Instruction ID: 67c3041f97001724e05259db6f3c0a0e5210dc527bf1bc0924eae5cd028a2a47
                                                                                        • Opcode Fuzzy Hash: 83a2b8f961446855902e9950caccbb43b9b37de958b75fc2450773b292f5d62a
                                                                                        • Instruction Fuzzy Hash: AE11F3B5C00648DFDB10CF9AD448BDEFBF8EB88310F14841AE459A7210D379A545CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 574831fced5d1596b45238f8f9d1baff6d8583e5ff70d7cb4fd762c371fca921
                                                                                        • Instruction ID: b152b368348a6a447d757341d2a2577cf9f7e2f3712d120fd02e98201f600375
                                                                                        • Opcode Fuzzy Hash: 574831fced5d1596b45238f8f9d1baff6d8583e5ff70d7cb4fd762c371fca921
                                                                                        • Instruction Fuzzy Hash: 6E01F972F0C515AFCB266779DC557E93FB1EB85350B1948A6D05AE3284F33885144FD0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7503d8ea41487d867652bb8a7abcc86755e5d7860f3cfa7e84757c1504bcc8e8
                                                                                        • Instruction ID: fb4e496974312f19710e05f528031a06be45f3f7e5ce4e642d8250a8f8d23cc3
                                                                                        • Opcode Fuzzy Hash: 7503d8ea41487d867652bb8a7abcc86755e5d7860f3cfa7e84757c1504bcc8e8
                                                                                        • Instruction Fuzzy Hash: 1D11C0B5D006489FDB10DF9AD848B9EFBF8AB88220F14841AD459A7210D3B8A545CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: df2b40e29ddc0cc472bafe8c665aad7c45aeb96962e37df4e21e94489cd52d29
                                                                                        • Instruction ID: 2481a6896fb74478362e9b58fafc7768e6b96b264a116798f1a6237e2fbf0cf7
                                                                                        • Opcode Fuzzy Hash: df2b40e29ddc0cc472bafe8c665aad7c45aeb96962e37df4e21e94489cd52d29
                                                                                        • Instruction Fuzzy Hash: 781125B1900648DFCB20DF9AD484BDEBBF4EB48310F10841AE519A7301C379A944CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: af0d6e94c4dba6f9ea5ff34445198c0eb6fe3d8c1888687799df0d15b55abaf3
                                                                                        • Instruction ID: abbe2bedd07d71bd866f7e48128d4cc3c447d7514292e5afbca4e64224f8256f
                                                                                        • Opcode Fuzzy Hash: af0d6e94c4dba6f9ea5ff34445198c0eb6fe3d8c1888687799df0d15b55abaf3
                                                                                        • Instruction Fuzzy Hash: 1C1125B1904648DFCB20DF9AD444BDEBBF4EB48310F10845AE519A7300C379A944CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 752b0475606a4fbf7af235895d24c3c0e94b4f0c0c450ae2e5de119f18874e52
                                                                                        • Instruction ID: 9bcf9e4bef2c1207903642c156831d5f2ec62af9715d7df3b6879422b8e57993
                                                                                        • Opcode Fuzzy Hash: 752b0475606a4fbf7af235895d24c3c0e94b4f0c0c450ae2e5de119f18874e52
                                                                                        • Instruction Fuzzy Hash: CDF0C831728620ABFB14257964097AA7DDBAB80735F540726B41DC22C2DFA9C8868691
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7c11bc307e0a7c1e492d99e8ec032930dcbacac429e1294fc7cb0f2acde008c4
                                                                                        • Instruction ID: be797af8cb538051385ddc7a205ff854115999cc228e22dbc97addde665df791
                                                                                        • Opcode Fuzzy Hash: 7c11bc307e0a7c1e492d99e8ec032930dcbacac429e1294fc7cb0f2acde008c4
                                                                                        • Instruction Fuzzy Hash: 0E1103B5900648DFDB10DF9AD584BDEFBF4EB48320F20841AE519A7340C779A544CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e65a67c1c0d57c265ab6bba48c636720c211077f1f80eecdbd02efaa1af1f121
                                                                                        • Instruction ID: 6c2879578085903960ad439320521c004998850a9e760604acf9e95a236622d2
                                                                                        • Opcode Fuzzy Hash: e65a67c1c0d57c265ab6bba48c636720c211077f1f80eecdbd02efaa1af1f121
                                                                                        • Instruction Fuzzy Hash: AD01A97EB006549FCF17BBA898545BF7FB6AB89610F100059E505A7382DB311E01C7E6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490878017.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fad000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e4d16765efc24423f9b7e113804e2f5f71f619ca50d43557914fa2ba68d529b
                                                                                        • Instruction ID: 6da03f8b63d252a27aa93250703d1cabf0a8f685d8561dc6fc80c1af7a0a1317
                                                                                        • Opcode Fuzzy Hash: 3e4d16765efc24423f9b7e113804e2f5f71f619ca50d43557914fa2ba68d529b
                                                                                        • Instruction Fuzzy Hash: 85012BB1404344ABE7184F65CC84B67BBD8EF42734F14C51AED0A0E682D7399840DAB2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1490878017.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_fad000_LUHgPxjH.jbxd
                                                                                        • Opcode ID: d0f8d76a622a16267a6fddc293a402996c2fd9a9fda2d3fd2ec0ee64f841e0f0
                                                                                        • Instruction ID: 867f489c3617464be3a0d48e47a042929cc30637fdf83e85277bf66726a08415
                                                                                        • Opcode Fuzzy Hash: d0f8d76a622a16267a6fddc293a402996c2fd9a9fda2d3fd2ec0ee64f841e0f0
                                                                                        • Instruction Fuzzy Hash: 3EF0BB322093C45FDB038B68A814B997FA59F8B211F0D85DBF588C71A3C7798D15C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3a4829ce4d03768a03763ef82e5458390caff19a56cdc78832d6c3d75014f54a
                                                                                        • Instruction ID: 1cec40a0dacc46883fcc92b9607a2bb8a4f1ad01263f5c956827805c9a010547
                                                                                        • Opcode Fuzzy Hash: 3a4829ce4d03768a03763ef82e5458390caff19a56cdc78832d6c3d75014f54a
                                                                                        • Instruction Fuzzy Hash: 33F0A7313006004BE710B774E9947AA3BDABF45544F404868D246C72C1EB75EC418B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 33aed83270288d5fcd3c0ea3e025b8778540fcacda52c92503995dfc0f41fec7
                                                                                        • Instruction ID: 89c2d7646befdb0851003a05c1bf3c622ce09d59da892fafd787958e5c82e4a2
                                                                                        • Opcode Fuzzy Hash: 33aed83270288d5fcd3c0ea3e025b8778540fcacda52c92503995dfc0f41fec7
                                                                                        • Instruction Fuzzy Hash: 85E06C71704B145B86349F1DA94482BFBFAEBC17603004A1EE44583750CB30ED068BE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae7e8f1593538fba08eff999d8c789af1421ff922f943e537fa166cd086efd9d
                                                                                        • Instruction ID: 1467ee3958f2d5a610834b85c49f600f49e9fb16e598727fb66f80188e2d284f
                                                                                        • Opcode Fuzzy Hash: ae7e8f1593538fba08eff999d8c789af1421ff922f943e537fa166cd086efd9d
                                                                                        • Instruction Fuzzy Hash: A3E09271B04A204B8B0CEBBEA40086BF6EBEFC8650304C1BED50DC7724EE30A8024AC4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae5f7dbc97be368443d9e38cc9013964e1b591857d8061038e53f887dc4d0fb4
                                                                                        • Instruction ID: 3ebb288865bcbba856d7909951354d981508c443c69045155318c71ce2922e08
                                                                                        • Opcode Fuzzy Hash: ae5f7dbc97be368443d9e38cc9013964e1b591857d8061038e53f887dc4d0fb4
                                                                                        • Instruction Fuzzy Hash: CCE09276200700AFD639DE55E854E63BBFDFB48660B00491DE98AC3651DB31F845CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: faecf76678c5990c324c4e25de75921618c2e2f2f09f50561f6fdffcec7de343
                                                                                        • Instruction ID: e09019d76956920e382fe0679ca91e71d8ac8dc8cd7e6d432e82ab6f31dffac3
                                                                                        • Opcode Fuzzy Hash: faecf76678c5990c324c4e25de75921618c2e2f2f09f50561f6fdffcec7de343
                                                                                        • Instruction Fuzzy Hash: 0BF03071600B109BC730DF1AE88592ABFFAEBC47207104A1EE545C7650CB30A946CBE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f4821bd3983afb6a4c93b9465273c922bb9c5ff4aea2c257b870bcf324d8a657
                                                                                        • Instruction ID: 65f14af18692e5761fd8d657edea72b97fff485bcf7b92d995ae71571dd6c2e6
                                                                                        • Opcode Fuzzy Hash: f4821bd3983afb6a4c93b9465273c922bb9c5ff4aea2c257b870bcf324d8a657
                                                                                        • Instruction Fuzzy Hash: F2E0263378031427E700615CD842BDF7B8ACBC5B11F80816AE489977C1CEA6AC0302D2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 271f71b1ddca6e7761e99ccd34546509c08d3aa0361453e1c6bf6854c220d267
                                                                                        • Instruction ID: 519ea6645fa1e4a9f000d8f5441cacabace34bdf514712326e41c512329a32fc
                                                                                        • Opcode Fuzzy Hash: 271f71b1ddca6e7761e99ccd34546509c08d3aa0361453e1c6bf6854c220d267
                                                                                        • Instruction Fuzzy Hash: E3E0653B620624869710DB49F442475BBADE7486653188956F40CC7551E763D892C780
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 512b5a652a713761eacff7e795c94434a44e9ff09561e71ce9eb4654490212a7
                                                                                        • Instruction ID: 26e50f7d9c38e22a18df0aed193edc51f837a8efa7c837a1d8efb582b155a556
                                                                                        • Opcode Fuzzy Hash: 512b5a652a713761eacff7e795c94434a44e9ff09561e71ce9eb4654490212a7
                                                                                        • Instruction Fuzzy Hash: DEE0863631029427D6146ABC94C6B6F7FEB97D8A61F50006BEA06D7381DF66D84383D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1b97dd26a8c671cdd6164ae6df7eca022165827487cc4796a6496b1d2f53d4ab
                                                                                        • Instruction ID: e63ae1ae439980fb956d599032f8f22b53f4f8e231549badde85d6ac3337add9
                                                                                        • Opcode Fuzzy Hash: 1b97dd26a8c671cdd6164ae6df7eca022165827487cc4796a6496b1d2f53d4ab
                                                                                        • Instruction Fuzzy Hash: 9FE08C627106542BE600AA789C89B3B2FEBC7C5A61F04406AEA05D7381DE29AC0283A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 56ede8d5753be8569b0be8e3cd865b11261478b62241aadd5ac14105361f0032
                                                                                        • Instruction ID: dae58e45ccf890c8f771170035d014a743b11d101cdd81f13076ab4b60d3c3a1
                                                                                        • Opcode Fuzzy Hash: 56ede8d5753be8569b0be8e3cd865b11261478b62241aadd5ac14105361f0032
                                                                                        • Instruction Fuzzy Hash: 0EE092303006158BEB10B778E994BA777DAFF85944F404978D606D72C0EB75EC4187E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cadf16e3a7e2f3d842ea60c300d636967a255ed4855a6621edc1c1455538de90
                                                                                        • Instruction ID: 73f5794d9c55eff6fc85e3a3461e79c3a626f37d2c9ebc002d7a8d31a2c08537
                                                                                        • Opcode Fuzzy Hash: cadf16e3a7e2f3d842ea60c300d636967a255ed4855a6621edc1c1455538de90
                                                                                        • Instruction Fuzzy Hash: 8FE092322002486BCB019A9DE804E9E7FDEEBCC210B04845AF949D3251CB75985197A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9d8739c76aea03252ad006237abb1027e95c744b1d529ad5d8cf1cb60ba2b9b7
                                                                                        • Instruction ID: 5b4b99780a8a1db121199d3ef07d41be8b0a3ebb1ce32cdf97f0c3ceac092c8b
                                                                                        • Opcode Fuzzy Hash: 9d8739c76aea03252ad006237abb1027e95c744b1d529ad5d8cf1cb60ba2b9b7
                                                                                        • Instruction Fuzzy Hash: 15E0D83310425D7BCB02DF9DD840ADF3F99AF5D211F008485F954D6152C37AD96297E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cfc202e25052ff166d946421dba2a1451cec52639d5eee50859f2d04af72439a
                                                                                        • Instruction ID: 1db6bee703a28990b68e5bf1be8f9e7ea3e7ad1083e234fc119e3f8ea474e683
                                                                                        • Opcode Fuzzy Hash: cfc202e25052ff166d946421dba2a1451cec52639d5eee50859f2d04af72439a
                                                                                        • Instruction Fuzzy Hash: 4FE06D32100159ABCB42DFADE810FDA3FA8EB18214F008585F95886122C776D566ABA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bb01545f1a34e70c25d0ea068e87890e77f5c188bea8691585f5ae0ecd114ee4
                                                                                        • Instruction ID: 236ef78122a7df0d5b229b1fe8204080f8bff8aaab7ad1f47ae0c4fd63176465
                                                                                        • Opcode Fuzzy Hash: bb01545f1a34e70c25d0ea068e87890e77f5c188bea8691585f5ae0ecd114ee4
                                                                                        • Instruction Fuzzy Hash: 27E0DF3230421147C201EAADEC80D8FB7E7EFD5610F048A2AE1188B250DF70E84687C5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 732ebcb29d0e07d09e519aacbef9638195ade26ae3615857e00890f1e8097364
                                                                                        • Instruction ID: 2fb3ac0123168e961bcd0faf08ba7cf931010bc051d09e02c84ff8f9c41ef9bc
                                                                                        • Opcode Fuzzy Hash: 732ebcb29d0e07d09e519aacbef9638195ade26ae3615857e00890f1e8097364
                                                                                        • Instruction Fuzzy Hash: E7F06D31244A519FC3249B2CC889FDA77E8EF4A315F0900EAE55A9B761C770AC40CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1a8cefdb64b8019b0879f3bf8c2fee6c04d5b0ed6af610f44ea1b980ba57419f
                                                                                        • Instruction ID: e0b4b624be85a06fa69864642bea1767f05eca0e590b2f534b4f47e081e88de6
                                                                                        • Opcode Fuzzy Hash: 1a8cefdb64b8019b0879f3bf8c2fee6c04d5b0ed6af610f44ea1b980ba57419f
                                                                                        • Instruction Fuzzy Hash: 09E0C23235062823CB0476ACE9857DE739DDF94B18F0848A9E50AAB246DE946C4247D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9b95773f24c78803ad16ddce037872327247dcdd73db89172ca18db57f1dc908
                                                                                        • Instruction ID: 98f7830c2f1621ac5377db814975c6732cfa63a7a9d55e889c84a6dd7763bb76
                                                                                        • Opcode Fuzzy Hash: 9b95773f24c78803ad16ddce037872327247dcdd73db89172ca18db57f1dc908
                                                                                        • Instruction Fuzzy Hash: 5DE06D71901208EFDB40EFA4E952B997BB5EB45700F208198E804E3344EB766F54DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2233e386976e229849b7f45e418537843467d2bf4d67ab8d04b2adbd692f1cc7
                                                                                        • Instruction ID: 8a7db603e664f74fee3ddab1b3db07ad37e72b3b78351fc890ed7bdfbe6da434
                                                                                        • Opcode Fuzzy Hash: 2233e386976e229849b7f45e418537843467d2bf4d67ab8d04b2adbd692f1cc7
                                                                                        • Instruction Fuzzy Hash: F4E0C23238071423E305726DE410BDFB68BDBC5B21F40802AE5498B6C1CEE25C0243E2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1d80cab9573daf1d52e086d5fa3ca00ef59e73b6975b1b19823181e61ae4ff25
                                                                                        • Instruction ID: 460e02f22b5167f21290b9a43e49c01623c64e9dec6a7160107be1ad5def73de
                                                                                        • Opcode Fuzzy Hash: 1d80cab9573daf1d52e086d5fa3ca00ef59e73b6975b1b19823181e61ae4ff25
                                                                                        • Instruction Fuzzy Hash: CED05E2631026423D51425BD1455B6F6AEB8BD8A61B40006EEA07E73C1DE67CC0243E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8399df27ff0fb5dbb5024e1e5f9fce3bf0e424a970d10bef97f6de673b4b003f
                                                                                        • Instruction ID: 583dd4e4d13dff482207ecdcda8cc20265f39dd3d27155189d57e40761d3a1ca
                                                                                        • Opcode Fuzzy Hash: 8399df27ff0fb5dbb5024e1e5f9fce3bf0e424a970d10bef97f6de673b4b003f
                                                                                        • Instruction Fuzzy Hash: B4E02B3139172823CA0972ACB9907ED728EEBC5F14F044C65E00AB7241CFC93C0143C6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4fb0e845e5a2689ca7fa2ba460ee5cf6a6c60d4f0f1cdcc810e25f5a31c8963b
                                                                                        • Instruction ID: 072a9085c952868081474b38a008e4a64f37299e8e4f73ae7b2484c613ee4c6c
                                                                                        • Opcode Fuzzy Hash: 4fb0e845e5a2689ca7fa2ba460ee5cf6a6c60d4f0f1cdcc810e25f5a31c8963b
                                                                                        • Instruction Fuzzy Hash: 3FE026726046201BD70AA61ACC40762B7EBEFC5740F04C1A9D10987248DE70B8028AC0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0990081b5fa0766eaaf30210f632651c0e6e2d99a97342da6c01221d337687af
                                                                                        • Instruction ID: bd3b00015ef2f49176f4a02560ffc806a1108ddb927d2deaafcd5b5f0a8cd2a6
                                                                                        • Opcode Fuzzy Hash: 0990081b5fa0766eaaf30210f632651c0e6e2d99a97342da6c01221d337687af
                                                                                        • Instruction Fuzzy Hash: B9D0C23230552457C705331AB89475E779ECBC6A21F08086AE009C3281CFA4684243DA
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 82e9ca24328c43771f3ff5196074c0a1666a09b3ace96aa24088d9b682b5176a
                                                                                        • Instruction ID: c86b09f30ffc3dc08333cecd58d1ff9fdbaf9e161f8214a47eb3889508218311
                                                                                        • Opcode Fuzzy Hash: 82e9ca24328c43771f3ff5196074c0a1666a09b3ace96aa24088d9b682b5176a
                                                                                        • Instruction Fuzzy Hash: 32D0A7217102542BE60065BD5C49B3B6ADFC7C5BA1700403AFA04C7381DE659C0243F0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3a3b0d581809eee74c99da968113fc87911b10d8ba5daba4014c08d1a94537a
                                                                                        • Instruction ID: 7ddafcc4ca26803abd602748846be20adfe70f59a0b99e8437b44a2a90d8236e
                                                                                        • Opcode Fuzzy Hash: e3a3b0d581809eee74c99da968113fc87911b10d8ba5daba4014c08d1a94537a
                                                                                        • Instruction Fuzzy Hash: 57E0C2B77051108FD7064BA8EA058A93FB5DB59A6131680D3FC49CB371DA758C01C785
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d925f0cd0e7095ef30272bbd24f4ce9a3ebc4920fa38f8225ce75926f161641f
                                                                                        • Instruction ID: df2f277790e86bec2f89110ab2578b82381cb341bd09f09d83c31e3a771c08a0
                                                                                        • Opcode Fuzzy Hash: d925f0cd0e7095ef30272bbd24f4ce9a3ebc4920fa38f8225ce75926f161641f
                                                                                        • Instruction Fuzzy Hash: 89E046328107A09FE712AB88F488F907FA8E725361F869162E65497181C769ECD08F92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d738880f408e44af61d8704fe683fb84e773be7f98cffe11556f98313be2dbba
                                                                                        • Instruction ID: f8d5cff7b3676200e18cba6e9d66173f58b06c614f1db7a8a9853808dcb0d5ab
                                                                                        • Opcode Fuzzy Hash: d738880f408e44af61d8704fe683fb84e773be7f98cffe11556f98313be2dbba
                                                                                        • Instruction Fuzzy Hash: 28E08C76310300CBE300BFB5E88AB2577E9B784600B994514B501C2580EF3AD8919B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c45280ff32a6f78ee9ed2c533c05c76ccc7c7bbf641be3a7b64141e4ef2d4247
                                                                                        • Instruction ID: f437160454d1dabf549b9fd1f299e15251bb199339c0555421d3cd1d6a87b7b3
                                                                                        • Opcode Fuzzy Hash: c45280ff32a6f78ee9ed2c533c05c76ccc7c7bbf641be3a7b64141e4ef2d4247
                                                                                        • Instruction Fuzzy Hash: 9DE08670A01208EFDB40EFA4E945A9D7BB5EB452047208194E804E3304EF326F54DB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8c3ed0e553e6d1735630bc763275f373dae2f85c11cfa63659f1983f6ab987f1
                                                                                        • Instruction ID: 747380ae3a65a594d7186a4ddc3bc421f44e679ee4315c289ed88a200f6608e0
                                                                                        • Opcode Fuzzy Hash: 8c3ed0e553e6d1735630bc763275f373dae2f85c11cfa63659f1983f6ab987f1
                                                                                        • Instruction Fuzzy Hash: 12D05B32210104FFDB80EFA8F841EA577B8F758B10F505665F6044B112C371F456C750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4e840772b74f5c4fb86e7c71e638e2ab52593be5073cd54e2b3be72503d6a5f8
                                                                                        • Instruction ID: dabf5b3d40523ca8dcad21ee97fa9bfd7fdab6add62069406eb3157fcdad888f
                                                                                        • Opcode Fuzzy Hash: 4e840772b74f5c4fb86e7c71e638e2ab52593be5073cd54e2b3be72503d6a5f8
                                                                                        • Instruction Fuzzy Hash: F9D023337000105FC604961CF509BDA37DCCB45660F0504B7F105D7351CB50DD0147C5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 97cde4871a1bf205a7b18a13b7ebb65fb3c6343973a43af311da26fbb7a935da
                                                                                        • Instruction ID: af40de375316e5e24e618f04b352af7d88b8cffbe2042a8fe5849bfb6567b21c
                                                                                        • Opcode Fuzzy Hash: 97cde4871a1bf205a7b18a13b7ebb65fb3c6343973a43af311da26fbb7a935da
                                                                                        • Instruction Fuzzy Hash: 49E04F30244A418FC324CB2CC448F9677D4AF0A215F0400EAE15A97371C671AC40C750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e9393edaf962720e9de98eb5514f36ec9e3e327e5bb4ee915b048c8b03ef821
                                                                                        • Instruction ID: e93b16669a50d9862769d1672cf7b87ef940c0e9642638f4611be0de2074ed67
                                                                                        • Opcode Fuzzy Hash: 3e9393edaf962720e9de98eb5514f36ec9e3e327e5bb4ee915b048c8b03ef821
                                                                                        • Instruction Fuzzy Hash: 53C01223714828530509315F64684AF768ECAC9971608046AF11AC3381CF945C4202D9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1498362564.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_51e0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7e5c5b5cfbfaad9a6ceb123758bd8c8d4f6575c84a762349d8c01fa2a674ed88
                                                                                        • Instruction ID: 6eaaed33bd091aa4c081a5b29b0d49e54150a06d8bc5c6ae4c0ab044f88a6236
                                                                                        • Opcode Fuzzy Hash: 7e5c5b5cfbfaad9a6ceb123758bd8c8d4f6575c84a762349d8c01fa2a674ed88
                                                                                        • Instruction Fuzzy Hash: 85D02B6F60449CABCB15DBD6D400FB93F94AB15301F08848BF5AAC1281C73AC201E7B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%


                                                                                        Execution Graph

                                                                                        Execution Coverage:15.9%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:634
                                                                                        Total number of Limit Nodes:54
8a622e6 79276->79278 79277 8a622cc 79287 8a605bc 79277->79287 79280 8a605bc SendMessageW 79278->79280 79281 8a622f4 79280->79281 79283 8a605b7 79282->79283 79284 8a6a58e 79283->79284 79291 8a694f8 79283->79291 79284->79277 79288 8a605c7 79287->79288 79289 8a694f8 SendMessageW 79288->79289 79290 8a6a5f9 79289->79290 79290->79274 79292 8a6a610 SendMessageW 79291->79292 79293 8a6a5f9 79292->79293 79293->79277 79613 8646ad9 79614 8646ade 79613->79614 79619 8649018 79614->79619 79623 86490d8 79614->79623 79628 8649010 79614->79628 79615 8646d95 79620 864905e 79619->79620 79621 864906c GetForegroundWindow 79620->79621 79622 8649094 79621->79622 79622->79615 79624 8649063 79623->79624 79625 864906c GetForegroundWindow 79624->79625 79626 86490e6 79624->79626 79627 8649094 79625->79627 79626->79615 79627->79615 79629 8648f9b 79628->79629 79630 8649013 79628->79630 79629->79615 79631 864906c GetForegroundWindow 79630->79631 79632 8649094 79631->79632 79632->79615 79517 8a6def8 79526 8a6c9e0 79517->79526 79519 8a6df0f 79520 8a6df1d 79519->79520 79522 8a6df68 79519->79522 79523 8a6df42 79519->79523 79521 8a694f8 SendMessageW 79520->79521 79524 8a6df39 79521->79524 79523->79522 79525 8a694f8 SendMessageW 79523->79525 79525->79522 79527 8a6c9ec 79526->79527 79528 8a6c9f2 79527->79528 79532 8a6cab8 79527->79532 79537 8a6caa8 79527->79537 79528->79519 79529 8a6ca0c 79529->79519 79533 8a6cafc 79532->79533 79534 8a694f8 SendMessageW 79533->79534 79536 8a6cb33 79533->79536 79535 8a6cc09 79534->79535 79535->79529 79536->79529 79538 8a6cafc 79537->79538 79539 8a694f8 SendMessageW 79538->79539 79541 8a6cb33 79538->79541 79540 8a6cc09 79539->79540 79540->79529 79541->79529 79542 be77e0 DuplicateHandle 79543 be7876 79542->79543 79544 8a621d8 79546 8a62201 79544->79546 79545 8a622f4 79546->79545 79547 8a622f6 79546->79547 79557 8a62266 79546->79557 79563 8a6c5d0 79547->79563 79567 8a6c5e0 79547->79567 79548 8a622a1 79549 8a622da 79548->79549 79551 8a605ac SendMessageW 79548->79551 79552 
8a605ac SendMessageW 79549->79552 79550 8a62307 79550->79545 79559 8a6c5e0 SendMessageW 79550->79559 79560 8a6c5d0 SendMessageW 79550->79560 79553 8a622cc 79551->79553 79554 8a622e6 79552->79554 79555 8a605bc SendMessageW 79553->79555 79556 8a605bc SendMessageW 79554->79556 79555->79549 79556->79545 79557->79548 79571 8a6059c SendMessageW 79557->79571 79559->79545 79560->79545 79564 8a6c5e0 79563->79564 79572 8a679d4 79564->79572 79568 8a6c5f0 79567->79568 79569 8a679d4 SendMessageW 79568->79569 79570 8a6c601 79569->79570 79570->79550 79571->79548 79573 8a6c618 SendMessageW 79572->79573 79574 8a6c601 79573->79574 79574->79550

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                          • Part of subcall function 08645808: GetProcessWindowStation.USER32(?,?,?,?,00000E20,?,?,0864EDBB), ref: 08645865
                                                                                        • GetCapture.USER32 ref: 0864EE5E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CaptureProcessStationWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1147563846-4189684872
                                                                                        • Opcode ID: 71b4a4612b123ceb6a71765582d73641ce2a540b178312c6a199e0b9f6f2d6f5
                                                                                        • Instruction ID: 39e42b172d112b7f08cf0be15113460d2facc5ff484ecca27b38308758c4d09e
                                                                                        • Opcode Fuzzy Hash: 71b4a4612b123ceb6a71765582d73641ce2a540b178312c6a199e0b9f6f2d6f5
                                                                                        • Instruction Fuzzy Hash: BB226F70A002088FDB15EBB9C454BAEB7F6AFC8310F2581ADE409AB391DF759D42DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                          • Part of subcall function 08645808: GetProcessWindowStation.USER32(?,?,?,?,00000E20,?,?,0864EDBB), ref: 08645865
                                                                                        • GetCapture.USER32 ref: 0864EE5E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CaptureProcessStationWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1147563846-4189684872
                                                                                        • Opcode ID: f56cf80bbd644d8b35c383984686fce52378e0671816734b46ff4fac5ebc8906
                                                                                        • Instruction ID: 59764586361b13ca3c4fa480ab3e6134d651e5ad493d4075e0b0de7e38cacf32
                                                                                        • Opcode Fuzzy Hash: f56cf80bbd644d8b35c383984686fce52378e0671816734b46ff4fac5ebc8906
                                                                                        • Instruction Fuzzy Hash: A4E10A74E00249CFDB25DFB5C584A9DBBF2AF89301F2591ADE405AB392DB719982CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 77c5c922e5878539851a4dc8d0fdd2e042ac91f7ab6901eb4f76dbf2353b6e77
                                                                                        • Instruction ID: a9fed9b992da5fc6f383a344d387717dde2dfcd057d6a2bb5f780c232e4cf83e
                                                                                        • Opcode Fuzzy Hash: 77c5c922e5878539851a4dc8d0fdd2e042ac91f7ab6901eb4f76dbf2353b6e77
                                                                                        • Instruction Fuzzy Hash: E163B631C11A198EDB25EF68C954A99FBB1FF95301F11D6D9E48877221EB30AAC4CF81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $
                                                                                        • API String ID: 0-3993045852
                                                                                        • Opcode ID: c7847af0600bd27f8274fb42432b058ce2b6227917826388f8ba72f77e413258
                                                                                        • Instruction ID: 86d78cd65defb6948069fb78486b8d29c2017f90b86236563e72545babfcc911
                                                                                        • Opcode Fuzzy Hash: c7847af0600bd27f8274fb42432b058ce2b6227917826388f8ba72f77e413258
                                                                                        • Instruction Fuzzy Hash: 4A429C74A00228CFDB28DF68C854B6E7BF2FF98311F1545A9E416AB391DB359C81CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7007fb7a6c0d3d3b15ffddba5a6d7290444f492f178904e91e84ee37a60ee9e7
                                                                                        • Instruction ID: 2bb38b53d3aafb362d068317d5015f28f79c4c315fde57d897298b051018d775
                                                                                        • Opcode Fuzzy Hash: 7007fb7a6c0d3d3b15ffddba5a6d7290444f492f178904e91e84ee37a60ee9e7
                                                                                        • Instruction Fuzzy Hash: 1C92B674A01229CFDB64DF64D898BADBBB2FF4A311F1085A9E409A7395DB315E81CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7670f1883890ad240fd280318e10072fe5a23e0f7c9f0a97a7d89544a3d9caed
                                                                                        • Instruction ID: a011d3f15249f3625eee7fbb17d77cc488dc6028d50eb90331b126103b833cb3
                                                                                        • Opcode Fuzzy Hash: 7670f1883890ad240fd280318e10072fe5a23e0f7c9f0a97a7d89544a3d9caed
                                                                                        • Instruction Fuzzy Hash: F3328F74E01228CFDB68DFA9D944B9DBBF2BF89301F1480A9D809A7355DB345A82CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c03470846e215d81f69b0b1bc648171d3a1e267f08b238edcc4729f9fd569789
                                                                                        • Instruction ID: e40ec21de9399bb60edb621bc8e2b34b51aa214bee221c241d016cac9766d37e
                                                                                        • Opcode Fuzzy Hash: c03470846e215d81f69b0b1bc648171d3a1e267f08b238edcc4729f9fd569789
                                                                                        • Instruction Fuzzy Hash: F1F1C274E01219CFDB14DFA9C584AADBBF2BF88311F6481A9E408AB355D731AD81CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: de2f78a77b4683bfc2be7eeabe1d8a22ae8e0f35514ae271a3ee6496844526ae
                                                                                        • Instruction ID: e6299ac75db7f20dd79e3985e24f854602c35e132f8d372372924bda5f43f73b
                                                                                        • Opcode Fuzzy Hash: de2f78a77b4683bfc2be7eeabe1d8a22ae8e0f35514ae271a3ee6496844526ae
                                                                                        • Instruction Fuzzy Hash: 07F1B174D01228CFDB68DFA9D844B9DBBB2FF89302F1085AAE409A7355DB355A85CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4d382a61d2033f3081a3df1e4e8399c75fb43646d49d141ffb68a964688bee53
                                                                                        • Instruction ID: 989b7ffd548a200e9548bd1bcbec99f830e4fba54bcc8446db165062f6f7e046
                                                                                        • Opcode Fuzzy Hash: 4d382a61d2033f3081a3df1e4e8399c75fb43646d49d141ffb68a964688bee53
                                                                                        • Instruction Fuzzy Hash: F7D13670D00258CFEB28DFA8C448B9DBBF1FF45306F1481A9E409AB3A2DB749985CB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: deae1360409a0e05b1d54484bce6efcd508c93d2a2ee01af2cec52e0f658289c
                                                                                        • Instruction ID: 5626ae8a786a45848bde1642f9ae3f0522127955cfd06371646fbb8866c02156
                                                                                        • Opcode Fuzzy Hash: deae1360409a0e05b1d54484bce6efcd508c93d2a2ee01af2cec52e0f658289c
                                                                                        • Instruction Fuzzy Hash: 11D12674D00218CFEB28DFA8C448B9DBBF1FF49316F1481A9E409AB3A1DB749985CB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 bec59c-befb96 2 befb98-befb9e 0->2 3 befba1-befba8 0->3 2->3 4 befbaa-befbb0 3->4 5 befbb3-befc52 CreateWindowExW 3->5 4->5 7 befc5b-befc93 5->7 8 befc54-befc5a 5->8 12 befc95-befc98 7->12 13 befca0 7->13 8->7 12->13
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00BEFC42
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID: ~ww\$~ww\
                                                                                        • API String ID: 716092398-3334627353
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 14 8a11390-8a113d2 15 8a113d4-8a113df 14->15 16 8a1144e-8a11451 14->16 15->16 23 8a113e1-8a11407 GetFocus 15->23 17 8a11476-8a11478 16->17 19 8a11485-8a11487 17->19 20 8a1147a-8a11483 17->20 21 8a114a7-8a114b4 19->21 22 8a11489-8a11492 19->22 20->19 27 8a11453-8a1145f 20->27 22->21 31 8a11494-8a114a1 22->31 25 8a11410-8a11419 23->25 26 8a11409-8a1140f 23->26 28 8a11430-8a1144c KiUserCallbackDispatcher 25->28 29 8a1141b-8a1142e 25->29 26->25 27->19 37 8a11461-8a11474 27->37 28->21 29->21 29->28 31->21 37->17
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 08A113F6
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08A11447
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherFocusUser
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1077007772-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 40 8a11380-8a113d2 41 8a113d4-8a113df 40->41 42 8a1144e-8a11451 40->42 41->42 49 8a113e1-8a11407 GetFocus 41->49 43 8a11476-8a11478 42->43 45 8a11485-8a11487 43->45 46 8a1147a-8a11483 43->46 47 8a114a7-8a114b4 45->47 48 8a11489-8a11492 45->48 46->45 53 8a11453-8a1145f 46->53 48->47 57 8a11494-8a114a1 48->57 51 8a11410-8a11419 49->51 52 8a11409-8a1140f 49->52 54 8a11430-8a1144c KiUserCallbackDispatcher 51->54 55 8a1141b-8a1142e 51->55 52->51 53->45 63 8a11461-8a11474 53->63 54->47 55->47 55->54 57->47 63->43
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 08A113F6
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08A11447
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherFocusUser
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1077007772-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 476 bed528-bed547 477 bed549-bed556 call bec3d4 476->477 478 bed573-bed577 476->478 484 bed56c 477->484 485 bed558 477->485 480 bed58b-bed5cc 478->480 481 bed579-bed583 478->481 487 bed5ce-bed5d6 480->487 488 bed5d9-bed5e7 480->488 481->480 484->478 533 bed55e call bed7c2 485->533 534 bed55e call bed7d0 485->534 487->488 489 bed60b-bed60d 488->489 490 bed5e9-bed5ee 488->490 495 bed610-bed617 489->495 492 bed5f9 490->492 493 bed5f0-bed5f7 call bec3e0 490->493 491 bed564-bed566 491->484 494 bed6a8-bed768 491->494 497 bed5fb-bed609 492->497 493->497 526 bed76a-bed76d 494->526 527 bed770-bed79b GetModuleHandleW 494->527 498 bed619-bed621 495->498 499 bed624-bed62b 495->499 497->495 498->499 502 bed62d-bed635 499->502 503 bed638-bed641 call bec3f0 499->503 502->503 507 bed64e-bed653 503->507 508 bed643-bed64b 503->508 509 bed655-bed65c 507->509 510 bed671-bed675 507->510 508->507 509->510 512 bed65e-bed66e call bec1a8 call bec400 509->512 531 bed678 call bedab0 510->531 532 bed678 call bedaa0 510->532 512->510 515 bed67b-bed67e 517 bed680-bed69e 515->517 518 bed6a1-bed6a7 515->518 517->518 526->527 528 bed79d-bed7a3 527->528 529 bed7a4-bed7b8 527->529 528->529 531->515 532->515 533->491 534->491
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00BED78E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4139908857-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 535 8642e19-8642e33 536 8642e35-8642e5c call 8641484 535->536 537 8642e5d-8642e7c call 8641490 535->537 543 8642e82-8642ee1 537->543 544 8642e7e-8642e81 537->544 551 8642ee7-8642f74 GlobalMemoryStatusEx 543->551 552 8642ee3-8642ee6 543->552 555 8642f76-8642f7c 551->555 556 8642f7d-8642fa5 551->556 555->556
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 0-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 559 8a6be09-8a6be83 560 8a6be85-8a6be88 559->560 561 8a6be8b-8a6be94 559->561 560->561 562 8a6be96 561->562 563 8a6be99-8a6bec9 GetClassInfoW 561->563 562->563 564 8a6bed2-8a6bef3 563->564 565 8a6becb-8a6bed1 563->565 565->564
                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08A6BEBC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3534257612-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 567 8649010-8649011 568 8649013-8649092 call 8648fe8 GetForegroundWindow 567->568 569 8648f9b-8648fb3 567->569 574 8649094-864909a 568->574 575 864909b-86490ad 568->575 574->575 578 86490c3 575->578 579 86490af-86490bd 575->579 580 86490c5-86490d2 578->580 579->578 582 86490bf-86490c1 579->582 582->580
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 08649081
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: ForegroundWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2020703349-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 583 be77d8-be77dd 584 be77e0-be7874 DuplicateHandle 583->584 585 be787d-be789a 584->585 586 be7876-be787c 584->586 586->585
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BE7867
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3793708945-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 589 8a6fd40-8a6fd8a 591 8a6fd96-8a6fdc6 EnumThreadWindows 589->591 592 8a6fd8c-8a6fd94 589->592 593 8a6fdcf-8a6fdfc 591->593 594 8a6fdc8-8a6fdce 591->594 592->591 594->593
                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 08A6FDB9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2941952884-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 598 be77e0-be7874 DuplicateHandle 599 be787d-be789a 598->599 600 be7876-be787c 598->600 600->599
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BE7867
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3793708945-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08A6BEBC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3534257612-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 08A6FDB9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2941952884-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 08649081
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: ForegroundWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2020703349-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00BED809,00000800,00000000,00000000), ref: 00BEDA1A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1029625771-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00BED809,00000800,00000000,00000000), ref: 00BEDA1A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1029625771-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,08A17ED2,00000000,00000000,03A14358,02A3059C), ref: 08A18320
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2222842502-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08A68DA2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 530164218-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,08A17ED2,00000000,00000000,03A14358,02A3059C), ref: 08A18320
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2222842502-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,08A17F5F,00000000,03A14358,02A3059C,00000000,?), ref: 08A186BD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2492992576-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08A68DA2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 530164218-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,08A17F5F,00000000,03A14358,02A3059C,00000000,?), ref: 08A186BD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2492992576-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 08642F67
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalMemoryStatus
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1890195054-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000018,00000001,?), ref: 08A6C675
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3850602802-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,00000000), ref: 08A6A66D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3850602802-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,00000000), ref: 08A6A66D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3850602802-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000018,00000001,?), ref: 08A6C675
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 3850602802-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00BED78E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4139908857-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00BEFD60,?,?,?,?), ref: 00BEFDD5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3895584809.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_be0000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 1378638983-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,08A18017), ref: 08A18B85
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2061451462-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,08A18017), ref: 08A18B85
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3968058981.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a10000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 2061451462-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000014,?,?,03A14358,02A3059C,?,00000000), ref: 0715B67E
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3959076346.0000000007150000.00000040.00000800.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7150000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000000,03A14358,02A3059C), ref: 0861A6E7
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000000,03A14358,02A3059C), ref: 0861A6E7
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963142199.0000000008610000.00000040.00000800.00020000.00000000.sdmp, Offset: 08610000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8610000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000003,00000000,00000000,?,?,?,00000000), ref: 08649AD6
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 08649081
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: ForegroundWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2020703349-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000003,00000000,00000000,?,?,?,00000000), ref: 08649AD6
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3963633600.0000000008640000.00000040.00000800.00020000.00000000.sdmp, Offset: 08640000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8640000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08A62142
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08A62142
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 0-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 0-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1d416daf3e72447f2bdb8664852d9be043f2175fb97a560c223481171cd1b8d3
                                                                                        • Instruction ID: f9c73e9543c254e6247173c136a49f0ddb2f9ab5e9e2cce7b18648ae88d5e14d
                                                                                        • Opcode Fuzzy Hash: 1d416daf3e72447f2bdb8664852d9be043f2175fb97a560c223481171cd1b8d3
                                                                                        • Instruction Fuzzy Hash: 0CA128346043159FDB1C5B39D84433E7BEABFC2622F18996DE842DB295EE34C845C7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 307549f10721d4d6eb60b71c8ef701e1a538974785818cdbf54e4110724961bd
                                                                                        • Instruction ID: c2ef505745cea4cf415df5c35c742cce3fac3cf0ebcc2aaccf2ac52360823578
                                                                                        • Opcode Fuzzy Hash: 307549f10721d4d6eb60b71c8ef701e1a538974785818cdbf54e4110724961bd
                                                                                        • Instruction Fuzzy Hash: 93714372B04B519FCB148B78D844AAABFB5FBC5322F18856EE059CB711C631D8068B60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 844b29ad9db02dba9207edd24ca7e77f8e8f3f0a266f970ad0bd84fb44bf9f3c
                                                                                        • Instruction ID: 436d6cc4098d278012f0c6aedde825d462ca4603819ab4eed405d62df00ebb58
                                                                                        • Opcode Fuzzy Hash: 844b29ad9db02dba9207edd24ca7e77f8e8f3f0a266f970ad0bd84fb44bf9f3c
                                                                                        • Instruction Fuzzy Hash: D9814170B003149FDB099BB8C45876F7BE6EFD5210F18459DE486AB382CB399C85CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 25a8d082d36f217458dbf573f9e248a89e39739121c2f048fefef3c6c5787bc1
                                                                                        • Instruction ID: 7e1246cfc761855aaa7b8073497bfea29060b6550038eb782537f39c6b199f68
                                                                                        • Opcode Fuzzy Hash: 25a8d082d36f217458dbf573f9e248a89e39739121c2f048fefef3c6c5787bc1
                                                                                        • Instruction Fuzzy Hash: 17A1E974D002188FDB24DF64D958B9DBBB2FF49322F1082A9E419A7295DB705D85CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6b1abe57aed3e5d70b2436bde10a39c52fb2c7176758a9a9009a92c9611ae3ba
                                                                                        • Instruction ID: 26072c062cd37dfdb3615210757c95ff961c8dedc88ea601f897570c87e7ea89
                                                                                        • Opcode Fuzzy Hash: 6b1abe57aed3e5d70b2436bde10a39c52fb2c7176758a9a9009a92c9611ae3ba
                                                                                        • Instruction Fuzzy Hash: 9E71BD74901229CFDB29DF69C854BEEBBB2BB89301F1085E9D849A7361DB355E81CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7c3f5217569214f0f3ac7cd2383d6b301ef8e446bd13ae31058145c12d646601
                                                                                        • Instruction ID: 531a2af293f1a8400cf6ece4ae381ec0d233cd1d57fd121afee2ced6f30a558a
                                                                                        • Opcode Fuzzy Hash: 7c3f5217569214f0f3ac7cd2383d6b301ef8e446bd13ae31058145c12d646601
                                                                                        • Instruction Fuzzy Hash: F881BA74A01228CFEB65DF64C854BEAB7B2BB8A300F5085E9D849A7350DB359EC1CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f19ea0b621e29dd2f74e479bc338ec1d5685df1b188a4b2bd0bf3ccb4496d38e
                                                                                        • Instruction ID: bcb751bf104483562c830e506af3328eff0889d6b021b6037206b147c8d29af6
                                                                                        • Opcode Fuzzy Hash: f19ea0b621e29dd2f74e479bc338ec1d5685df1b188a4b2bd0bf3ccb4496d38e
                                                                                        • Instruction Fuzzy Hash: 51613B75E01228CFDB24CF64CC94B99B7B2BF98326F1582A9D819AB390D7319D81CF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 69df52cd2975fad0db02ecc58b0a40784636fa096427f3df9367074ef88bce3e
                                                                                        • Instruction ID: e45d5b6aa1e8a6055d4fa9b8e5027f1a37a5d7f0d0277078f69459e3c43c8096
                                                                                        • Opcode Fuzzy Hash: 69df52cd2975fad0db02ecc58b0a40784636fa096427f3df9367074ef88bce3e
                                                                                        • Instruction Fuzzy Hash: F751F531B056449FCB15EBB8D81466E3FF6BF86202F1440BEE545CB352DA748D46CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e15e6ce6bd510a5975c05f05f75b2d3d8597b9a1620f2eb89153521b80a4ad91
                                                                                        • Instruction ID: dd14968b03fdd7a7718ab87b08ba4efac5fa96e76a290b548f7619e5c41bf037
                                                                                        • Opcode Fuzzy Hash: e15e6ce6bd510a5975c05f05f75b2d3d8597b9a1620f2eb89153521b80a4ad91
                                                                                        • Instruction Fuzzy Hash: 3151E974E00218DFDB24DF64D998BADBBB2FB49321F108299E429A72D6CB705D85CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4b1e369fa4d02c3e263858324e308866624535ca6c871bc29b8ca067fb19e6f2
                                                                                        • Instruction ID: e37f335e0faebc038ba504533e969d76847dca2cb21e994cbe481b251a451144
                                                                                        • Opcode Fuzzy Hash: 4b1e369fa4d02c3e263858324e308866624535ca6c871bc29b8ca067fb19e6f2
                                                                                        • Instruction Fuzzy Hash: 7C51F074E01219DFCB18CFA9D580AEEBBB2BF89311F24816AE415B7350DB349942CF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 680654ce007e80c339c708bafe8d932a8c736861696352550e1ce17793467a2c
                                                                                        • Instruction ID: 4b37f3d768f28b9062d98c26d298b1db959c3107d0a38ed5100421db749e0a50
                                                                                        • Opcode Fuzzy Hash: 680654ce007e80c339c708bafe8d932a8c736861696352550e1ce17793467a2c
                                                                                        • Instruction Fuzzy Hash: 61412835A002188FDB04DBA8D980EDDBBF6BF8C321F155194E501AB3A1DB71ED85CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7bc2e73f64a289b17ebb704d6e87bb808ba6932dcc8a0eade24fb285b64781ea
                                                                                        • Instruction ID: 6f4a20a8273cf90a09d907ca44027b6bf2b925fc606f5267d6924cb4ed767cdc
                                                                                        • Opcode Fuzzy Hash: 7bc2e73f64a289b17ebb704d6e87bb808ba6932dcc8a0eade24fb285b64781ea
                                                                                        • Instruction Fuzzy Hash: A0411678E01249DFCB04DFA9D4849AEBBF2FF89311F2484A9D414AB364DB349942CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2d38070392fa84dee64ae0a35787d1d5a551b151bf6d461ca3cdefd03a6f2286
                                                                                        • Instruction ID: b288ebd33cb592b581815c26df75c18ae26bd5553a17fef3451abca86f466bb5
                                                                                        • Opcode Fuzzy Hash: 2d38070392fa84dee64ae0a35787d1d5a551b151bf6d461ca3cdefd03a6f2286
                                                                                        • Instruction Fuzzy Hash: 36311775B002198FDB44DFA8C490EDDBBF2BF88621F195084E505AB361DB71ED85CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 79d8cfde005fd2ba29f86e3ceab84ce148c03d1f22d283a2577be723eca2c448
                                                                                        • Instruction ID: 279d0c15e107d921fdf002ec1549899c92d4d2e70339e9222c4226a58e98d46d
                                                                                        • Opcode Fuzzy Hash: 79d8cfde005fd2ba29f86e3ceab84ce148c03d1f22d283a2577be723eca2c448
                                                                                        • Instruction Fuzzy Hash: 2A314835B002098FDB44DFA8D880EDD7BF2BF88621F194094E501AB361DB71EC89CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cc1a10f4ec678d34030292ecb436e876b3003ecbce3dd74f0ea290fe81cefc16
                                                                                        • Instruction ID: 910feefd2211c9667e3919c98e870459e92146db0b3c7f30f4574138eab0cefe
                                                                                        • Opcode Fuzzy Hash: cc1a10f4ec678d34030292ecb436e876b3003ecbce3dd74f0ea290fe81cefc16
                                                                                        • Instruction Fuzzy Hash: B131F930605788AFCB16DB78C454A6E7FB2FF85211F2480EED4459B662CE314D86D792
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ba99a5e715a6b8613cf36420a2626eda544e4c41214293a89d390b48285905aa
                                                                                        • Instruction ID: a904f1fd6120557c60acf2160231b9a9e256e18bd34df4149a56100092365d79
                                                                                        • Opcode Fuzzy Hash: ba99a5e715a6b8613cf36420a2626eda544e4c41214293a89d390b48285905aa
                                                                                        • Instruction Fuzzy Hash: 8D21B735B00610CFD718DF6AE444AAABBF1FF89712B0485ADD549CB731DB319905CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4f1b083890e0829b0fddd3fe3c9d1e58aa3443681ca1f616a456ee6d53073be5
                                                                                        • Instruction ID: e60c0a65119de375f70c093c7408d8e1fa55c71792225f136d39f2fa8d8dba6d
                                                                                        • Opcode Fuzzy Hash: 4f1b083890e0829b0fddd3fe3c9d1e58aa3443681ca1f616a456ee6d53073be5
                                                                                        • Instruction Fuzzy Hash: 3C21D63120A7D49FCB035B349858A5D7FB2FF96222B1940EFE145CB662CA748C4AD711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3892518326.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b8d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3890874872.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_b7d000_LUHgPxjH.jbxd
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3962214153.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8530000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000031), ref: 08A6A3A6
                                                                                        • GetSystemMetrics.USER32(00000032), ref: 08A6A3E0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4116985748-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000005), ref: 07157F6E
                                                                                        • GetSystemMetrics.USER32(00000006), ref: 07157FA8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3959076346.0000000007150000.00000040.00000800.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7150000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4116985748-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000031), ref: 08A6A3A6
                                                                                        • GetSystemMetrics.USER32(00000032), ref: 08A6A3E0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3969264927.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_8a60000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4116985748-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000005), ref: 07157F6E
                                                                                        • GetSystemMetrics.USER32(00000006), ref: 07157FA8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.3959076346.0000000007150000.00000040.00000800.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7150000_LUHgPxjH.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID: ~ww\
                                                                                        • API String ID: 4116985748-4189684872
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:11.5%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:3
                                                                                        Total number of Limit Nodes:0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000E.00000002.1535624528.00007FFB4AC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_14_2_7ffb4ac40000_Zip.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000E.00000002.1535294966.00007FFB4AB2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AB2D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_14_2_7ffb4ab2d000_Zip.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:9.8%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:59
                                                                                        Total number of Limit Nodes:3

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 026059A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 81 26058ec-26059b9 CreateActCtxA 83 26059c2-2605a1c 81->83 84 26059bb-26059c1 81->84 91 2605a2b-2605a2f 83->91 92 2605a1e-2605a21 83->92 84->83 93 2605a40-2605a70 91->93 94 2605a31-2605a3d 91->94 92->91 98 2605a22-2605a27 93->98 99 2605a72-2605af4 93->99 94->93 98->91
                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 026059A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 102 260d0b0-260d7fc DuplicateHandle 104 260d805-260d822 102->104 105 260d7fe-260d804 102->105 105->104
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0260D72E,?,?,?,?,?), ref: 0260D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 108 260d760-260d7fc DuplicateHandle 109 260d805-260d822 108->109 110 260d7fe-260d804 108->110 110->109
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0260D72E,?,?,?,?,?), ref: 0260D7EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 113 260ac90-260b740 115 260b742-260b745 113->115 116 260b748-260b777 LoadLibraryExW 113->116 115->116 117 260b780-260b79d 116->117 118 260b779-260b77f 116->118 118->117
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0260B559,00000800,00000000,00000000), ref: 0260B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 121 260ac2c-260b4b8 123 260b4c0-260b4eb GetModuleHandleW 121->123 124 260b4ba-260b4bd 121->124 125 260b4f4-260b508 123->125 126 260b4ed-260b4f3 123->126 124->123 126->125
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0260B2A4), ref: 0260B4DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 128 260b6f8-260b740 129 260b742-260b745 128->129 130 260b748-260b777 LoadLibraryExW 128->130 129->130 131 260b780-260b79d 130->131 132 260b779-260b77f 130->132 132->131
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0260B559,00000800,00000000,00000000), ref: 0260B76A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1629874130.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_2600000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%


                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.1628987939.000000000247D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0247D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_18_2_247d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 31a37d5727d96b1c8de0fee5bf76bbb1add6c8002eb5c8b7ad83d0cc1b0faa99
                                                                                        • Instruction ID: 51dcb3f8c56772983632b396a64084891eea11ae862c2178f062abc0666002b3
                                                                                        • Opcode Fuzzy Hash: 31a37d5727d96b1c8de0fee5bf76bbb1add6c8002eb5c8b7ad83d0cc1b0faa99
                                                                                        • Instruction Fuzzy Hash: 4CF06D75405744EEEB208E1ADD88BA7FFD8EF81634F18C45BED184A286C3799844CBB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:11%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:434
                                                                                        Total number of Limit Nodes:17

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 00E17616
                                                                                        • GetCurrentThread.KERNEL32 ref: 00E17653
                                                                                        • GetCurrentProcess.KERNEL32 ref: 00E17690
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E176E9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID: H3
                                                                                        • API String ID: 2063062207-940333313
                                                                                        • Opcode ID: 8ce4128fbd136890a5955bb13f345c66b5655f51564ec8b1db32d812e00beea0
                                                                                        • Instruction ID: 2b83fcce2aca380bcf33807055d745ed4774f5cc8b0fe46d76ab8897e7351c38
                                                                                        • Opcode Fuzzy Hash: 8ce4128fbd136890a5955bb13f345c66b5655f51564ec8b1db32d812e00beea0
                                                                                        • Instruction Fuzzy Hash: 705175B0D00749CFDB54CFAAD548BDEBBF1AF88304F248459E449A7391DB749984CB26
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 00E17616
                                                                                        • GetCurrentThread.KERNEL32 ref: 00E17653
                                                                                        • GetCurrentProcess.KERNEL32 ref: 00E17690
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E176E9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID: H3
                                                                                        • API String ID: 2063062207-940333313
                                                                                        • Opcode ID: 131937a3ac983849c3ad9c4e029e82e9f3baeec812752577ec5eca8601186448
                                                                                        • Instruction ID: e94ac886464a6f0d6743057fcceb1fa26758d36acb04727e3c2c5fff2c5d8ae5
                                                                                        • Opcode Fuzzy Hash: 131937a3ac983849c3ad9c4e029e82e9f3baeec812752577ec5eca8601186448
                                                                                        • Instruction Fuzzy Hash: EC5145B0D00709CFDB54CFAAD548BDEBBF1AB88314F248459E449B7390DB749984CB66
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: H3
                                                                                        • API String ID: 0-940333313
                                                                                        • Opcode ID: 8b975c04dbd75c26be234dbe0428b3066ca6eaa4f0b3c7fbe546707fc3e58413
                                                                                        • Instruction ID: 1695116e34d08c82791b8b77a6f32491d9a5a75e4aedf77f3cac71f2a587f8e7
                                                                                        • Opcode Fuzzy Hash: 8b975c04dbd75c26be234dbe0428b3066ca6eaa4f0b3c7fbe546707fc3e58413
                                                                                        • Instruction Fuzzy Hash: 4631D3B5A042489FCB01CF98D844AEEBBF1FF89310F14819AE915AB3A2C6319915CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(0000004B), ref: 00E1A2FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID: H3
                                                                                        • API String ID: 4116985748-940333313
                                                                                        • Opcode ID: 0a5fcb3d0b88b9c33ce529232fbbb686f02da70a9fda6ffe10bd3f4bd9588e63
                                                                                        • Instruction ID: 1987ebacc8bfbe7be590937ba0dd44b7419887bff5859ccd1056810f55789e57
                                                                                        • Opcode Fuzzy Hash: 0a5fcb3d0b88b9c33ce529232fbbb686f02da70a9fda6ffe10bd3f4bd9588e63
                                                                                        • Instruction Fuzzy Hash: B431CF71505394CEDB12CFA6D8053EE7FE4AB15314F0840ABD484B72A2C3399A89CF62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00E1D78E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        • Opcode ID: d6a8675edf34a3741c605ded4ed46c06e6ea79ec7ece781b5a1f1f70121ef6a7
                                                                                        • Instruction ID: 38849d0130f0d7a6889cf0d543210f666746624730839eec37fb56e49630553c
                                                                                        • Opcode Fuzzy Hash: d6a8675edf34a3741c605ded4ed46c06e6ea79ec7ece781b5a1f1f70121ef6a7
                                                                                        • Instruction Fuzzy Hash: 16712870A00B058FDB24DF69D44179ABBF1FF88308F108A2ED45AEBA50D775E985CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 085F5990
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentThread
                                                                                        • String ID:
                                                                                        • API String ID: 2882836952-0
                                                                                        • Opcode ID: 4a78cea83ddbcaa0857f8e59b7319749c0dc5bc7c70df2020569dffad1637770
                                                                                        • Instruction ID: 9a1e01fc4126baaa6ab27fd6697f264ae94e22c13055fd8504a961e2a95fe4fc
                                                                                        • Opcode Fuzzy Hash: 4a78cea83ddbcaa0857f8e59b7319749c0dc5bc7c70df2020569dffad1637770
                                                                                        • Instruction Fuzzy Hash: 88614A74E00209DFDB14DFA9D594BADBBB1FF48316F14806AE901AB392EB749885CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00E1FC42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        • Opcode ID: 0af5bf18ce527e8f1a07d6fc0e4d47f15a185a060160e764de14415675f85d3b
                                                                                        • Instruction ID: e51f695b56cc7c590a231499df34344c21c589a2dd7d768b9e35e9d50e2d0aeb
                                                                                        • Opcode Fuzzy Hash: 0af5bf18ce527e8f1a07d6fc0e4d47f15a185a060160e764de14415675f85d3b
                                                                                        • Instruction Fuzzy Hash: E041B0B1D00349DFDB14CF9AC884ADEFBB5BF88314F64812AE818AB210D7759885CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000044A,?,00000000), ref: 086E725A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: ed6ad5b523971fe8cf7de711d1c378533957d78710c1521f6269d06d64495395
                                                                                        • Instruction ID: 951bed37a57cad185431e5a1bea1ae34f488543877fd9fbbb754f6ea21108712
                                                                                        • Opcode Fuzzy Hash: ed6ad5b523971fe8cf7de711d1c378533957d78710c1521f6269d06d64495395
                                                                                        • Instruction Fuzzy Hash: 494114B0D103499FDB14CFA9D885B9EBBF1AF49300F25812EE408AB350D7745485CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000044A,?,00000000), ref: 086E725A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: e44c008199d521b45a0e07b08ae7a869fdefab12d2d7f95eeb42c288dda3998c
                                                                                        • Instruction ID: 044bd5c49dd5a7a1401a37a87427735d45458827e126660bf0d064d69bae3cca
                                                                                        • Opcode Fuzzy Hash: e44c008199d521b45a0e07b08ae7a869fdefab12d2d7f95eeb42c288dda3998c
                                                                                        • Instruction Fuzzy Hash: 324114B0D10349DFDB24CFAAD885B9EBBF1AF49300F25812AE418AB390D7746845CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000044A,?,00000000), ref: 086E725A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: a578dfe8f15581a5df1b63497250f77c1613b3bf9c52e33fe4ad6a3ba033b86e
                                                                                        • Instruction ID: bc51a7eff5c7a4e78c4d022a71a7aaadd8f5bc91d7f06d13ffd8bc50b50ac11a
                                                                                        • Opcode Fuzzy Hash: a578dfe8f15581a5df1b63497250f77c1613b3bf9c52e33fe4ad6a3ba033b86e
                                                                                        • Instruction Fuzzy Hash: 704104B0D10349DFDB24CFAAD885B9EBBF1AF88301F25812AE414A7350D7745845CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E17867
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: b0fa879fd4355cb62393138ca7bf2d42ced86b581240f2fe59ecdd165b90f480
                                                                                        • Instruction ID: b4c060a21b7f4b09de762cdaef82068413a6a0e5c7135ce64c28bfa5beae73cb
                                                                                        • Opcode Fuzzy Hash: b0fa879fd4355cb62393138ca7bf2d42ced86b581240f2fe59ecdd165b90f480
                                                                                        • Instruction Fuzzy Hash: D741A074A403409FE700DFA1E94876A7BB5F789308F20882BE6119B7D0DB78491ACF32
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08B0BEBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID:
                                                                                        • API String ID: 3534257612-0
                                                                                        • Opcode ID: b09055e9caa4fea25b09ceb8db147c1870f12288b0ee2c8ea4b723c1a2e21633
                                                                                        • Instruction ID: b54619b96b3df3fbb0a16a2cd298025c3a4290091f2c2aa77c6da0277bb4b26a
                                                                                        • Opcode Fuzzy Hash: b09055e9caa4fea25b09ceb8db147c1870f12288b0ee2c8ea4b723c1a2e21633
                                                                                        • Instruction Fuzzy Hash: CB31C2719053859FDB15CFAAC844BDEBFF0EF49214F1880AED498AB242C3759409CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,085FF85A,00000000,00000000,03B34358,02B50300), ref: 085FFCA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        • Opcode ID: c54249e5e5a8cd9feab9e4d41d10d8f5828b85d24f3d1feff4af508746fe030d
                                                                                        • Instruction ID: 27e70403e6c9715820eb1df9fb2079646e07fbdab4535757da5d80c5b2e7b22c
                                                                                        • Opcode Fuzzy Hash: c54249e5e5a8cd9feab9e4d41d10d8f5828b85d24f3d1feff4af508746fe030d
                                                                                        • Instruction Fuzzy Hash: 1A2133B5804249DFDB10CFAAD884BEEBFF4FB48310F14846AE958A7651C378A945CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 086E81F2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentThread
                                                                                        • String ID:
                                                                                        • API String ID: 2882836952-0
                                                                                        • Opcode ID: 5dec65609428b2cbbfe7ce19f9c7a5a9cee50d3bd6ca3027f597bf9057fabc3e
                                                                                        • Instruction ID: b67345733ad24684f649c77ebb9cd1bb20269f501ba16e1d48ebcdf993d1ff90
                                                                                        • Opcode Fuzzy Hash: 5dec65609428b2cbbfe7ce19f9c7a5a9cee50d3bd6ca3027f597bf9057fabc3e
                                                                                        • Instruction Fuzzy Hash: 253146B490024ACFDB40DF99D484ADEFBF0FB58305F15856AE418AB311D774A949CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E17867
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: 320f7c5ae9a6c6307a4cd88f852aa32d631c2ddd9e7c1828bd1884081bddbeed
                                                                                        • Instruction ID: b9d3d65d1122113119a2414b8fea4d4fc107f1e80123fbfac5b834f66a31b65d
                                                                                        • Opcode Fuzzy Hash: 320f7c5ae9a6c6307a4cd88f852aa32d631c2ddd9e7c1828bd1884081bddbeed
                                                                                        • Instruction Fuzzy Hash: 9B2100B5900249EFDB10CFAAD884AEEFBF4AB48310F14801AE958A3350C378A944CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E17867
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        • Opcode ID: 5a2b674b54af1c0d95062b4822d80532ca01b32acb3b0da456c434c6c27e4c3a
                                                                                        • Instruction ID: a7fa6d09d5c2cd1bd7312699816d2374b40f8fc80a9fdd4187f7763b4d173706
                                                                                        • Opcode Fuzzy Hash: 5a2b674b54af1c0d95062b4822d80532ca01b32acb3b0da456c434c6c27e4c3a
                                                                                        • Instruction Fuzzy Hash: 1C21E3B5900249EFDB10CFAAD884ADEBBF4EB48710F14801AE958A3310D374A944CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 086E82D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2941952884-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 085FABE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(?,00000000), ref: 08B0BEBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfo
                                                                                        • String ID:
                                                                                        • API String ID: 3534257612-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 086E82D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643592129.00000000086E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_86e0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumThreadWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2941952884-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00E1D809,00000800,00000000,00000000), ref: 00E1DA1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00E1D809,00000800,00000000,00000000), ref: 00E1DA1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,085FF85A,00000000,00000000,03B34358,02B50300), ref: 085FFCA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,085FF85A,00000000,00000000,03B34358,02B50300), ref: 085FFCA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08B08DA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 530164218-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 08B08DA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 530164218-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E80,?,?,0500F25E), ref: 0500F366
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1638095756.0000000005000000.00000040.00000800.00020000.00000000.sdmp, Offset: 05000000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_5000000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E80,?,?,0500F25E), ref: 0500F366
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1638095756.0000000005000000.00000040.00000800.00020000.00000000.sdmp, Offset: 05000000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_5000000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000018,00000001,?), ref: 08B0C675
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 08B0A66D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 085FABE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000018,00000001,?), ref: 08B0C675
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 08B0A66D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00E1D78E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 085F5C28
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 085F5C28
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,?,?), ref: 00E1FDD5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621826578.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_e10000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08B02142
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 08B02142
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643938483.0000000008B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B00000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_8b00000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621292189.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d5d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2cc3685e068279a190e42b499643c5e7f8b6eca1fa68e05296391cfaf933024f
                                                                                        • Instruction ID: 15bc94ac3b95802bcf843f675149ba463d7f5598611bf29c3cbb92b2db364413
                                                                                        • Opcode Fuzzy Hash: 2cc3685e068279a190e42b499643c5e7f8b6eca1fa68e05296391cfaf933024f
                                                                                        • Instruction Fuzzy Hash: 7B119D76504240DFCF16CF10D9C4B16BF62FB95319F2886A9DC090A656C33AD85ACBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621384629.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d6d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 41d2b595ca004fa49e9a84987a23ba6be5cb867d1cdf692839024123544a8f32
                                                                                        • Instruction ID: c14ff7924c3c7dd7f0f7f63bdad24f72d57017a50d3b887818696532afaea449
                                                                                        • Opcode Fuzzy Hash: 41d2b595ca004fa49e9a84987a23ba6be5cb867d1cdf692839024123544a8f32
                                                                                        • Instruction Fuzzy Hash: F0119D75A04280DFCB15CF10D5D4B15FFA2FB88314F28C6ADD8494B656C33AD84ACB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621384629.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d6d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b49967b0cfbcbcd3151e44b15270f675955ec111627b1f72fb9d0a3571a40682
                                                                                        • Instruction ID: 0b837ef54e113a60812bde94abe1755b92cb23307069737c8ca762947be7561c
                                                                                        • Opcode Fuzzy Hash: b49967b0cfbcbcd3151e44b15270f675955ec111627b1f72fb9d0a3571a40682
                                                                                        • Instruction Fuzzy Hash: 59119475A04684DFDB11CF14E5C4B19FF62FB84324F28C6A9D8494B756C33AD84ACBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621384629.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d6d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b49967b0cfbcbcd3151e44b15270f675955ec111627b1f72fb9d0a3571a40682
                                                                                        • Instruction ID: 908600b5076509592ee7726e3fb678e825c376a0616b2107616050614b5806f2
                                                                                        • Opcode Fuzzy Hash: b49967b0cfbcbcd3151e44b15270f675955ec111627b1f72fb9d0a3571a40682
                                                                                        • Instruction Fuzzy Hash: 98119475904284DFDB11CF14E5C4B15FF62FB84324F28C6A9D8494B656C33AE84ACBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621292189.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d5d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f695b639e5f0edb304224bd23f4b2bc9dce47464a9bd385d233acb4d29bf53f2
                                                                                        • Instruction ID: baeec3b0df0447630eabfc645fef6e2c238a877b0a7d6a56512cb783a4af3ae8
                                                                                        • Opcode Fuzzy Hash: f695b639e5f0edb304224bd23f4b2bc9dce47464a9bd385d233acb4d29bf53f2
                                                                                        • Instruction Fuzzy Hash: ACF0F976200604AF97248F0AD885C27FBA9EFD5770759C55AEC4A4B712C671FC42CEB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1621292189.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_d5d000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 589ee87c2b382142a8da2b38563cc8c476ccaac6932a7d9d54bfe07cb40c9b68
                                                                                        • Instruction ID: e67f79b8dbf4b7af4b24ccbd7d7877cad48918b3c999a8d3e9b3a6e8deb17326
                                                                                        • Opcode Fuzzy Hash: 589ee87c2b382142a8da2b38563cc8c476ccaac6932a7d9d54bfe07cb40c9b68
                                                                                        • Instruction Fuzzy Hash: B6F03775104A80AFD7258F06C884C23BFB9EF8A7607198489EC9A4B322C671FC46CB70
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetKeyState.USER32(00000001), ref: 085F9F75
                                                                                        • GetKeyState.USER32(00000002), ref: 085F9FBA
                                                                                        • GetKeyState.USER32(00000004), ref: 085F9FFF
                                                                                        • GetKeyState.USER32(00000005), ref: 085FA044
                                                                                        • GetKeyState.USER32(00000006), ref: 085FA089
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000018.00000002.1643192454.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_24_2_85f0000_update_232312.jbxd
                                                                                        Similarity
                                                                                        • API ID: State
                                                                                        • String ID: t
                                                                                        • API String ID: 1649606143-1810194760
                                                                                        • Opcode ID: 27ccc3bb914b1a51d99e463b42007998cdd5fd234158aa480e598003baa74887
                                                                                        • Instruction ID: 0179a7df0fcbe7dcdf45dad95e5c59a1803f05e6639af890327f571479c5317f
                                                                                        • Opcode Fuzzy Hash: 27ccc3bb914b1a51d99e463b42007998cdd5fd234158aa480e598003baa74887
                                                                                        • Instruction Fuzzy Hash: BB418070801B56CEEB11CF5AD5483AFBFF4AB45309F20841AD249B7391C3B95646CFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%