Windows Analysis Report
PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe

Overview

General Information

Sample name: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Analysis ID: 1465559
MD5: 3fab44c211a6c5519aa034184aca3fdb
SHA1: 4d4618e371726bd5f7cca66659fd67ecb9b1d9cf
SHA256: afb3c2222365641951a91bb0a55a1cdd2774539475a79c0deb8fa6bbd3d56f53
Tags: exe

Detection

AgentTesla, DarkTortilla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe" MD5: 3FAB44C211A6C5519AA034184ACA3FDB)
    • cmd.exe (PID: 7996 cmdline: "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 8048 cmdline: ping 127.0.0.1 -n 26 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • reg.exe (PID: 5576 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
    • cmd.exe (PID: 8184 cmdline: "cmd" /c ping 127.0.0.1 -n 34 > nul && copy "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe" "C:\Users\user\AppData\Roaming\Zeew.exe" && ping 127.0.0.1 -n 34 > nul && "C:\Users\user\AppData\Roaming\Zeew.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 7224 cmdline: ping 127.0.0.1 -n 34 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • PING.EXE (PID: 5592 cmdline: ping 127.0.0.1 -n 34 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • Zeew.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Roaming\Zeew.exe" MD5: 3FAB44C211A6C5519AA034184ACA3FDB)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: DarkTortilla
Description: DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
Source: 00000000.00000002.2192134157.0000000002A3A000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 00000000.00000002.2210039009.0000000005220000.00000004.08000000.00040000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0000000E.00000002.2909435521.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 00000000.00000002.2196335827.0000000004219000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 00000000.00000002.2196335827.0000000004505000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security

Source: 14.2.Zeew.exe.4523510.1.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.39b44c0.8.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 14.2.Zeew.exe.4523510.1.raw.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.5220000.11.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.5220000.11.raw.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Zeew.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 5576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Zeews
Source: Process started, Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7996, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", ProcessId: 5576, ProcessName: reg.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", CommandLine: "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe", ParentImage: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, ParentProcessId: 7440, ParentProcessName: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, ProcessCommandLine: "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe", ProcessId: 7996, ProcessName: cmd.exe
No Snort rule has matched

AV Detection

Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
Source: C:\Users\user\AppData\Roaming\Zeew.exe, ReversingLabs: Detection: 34%
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, ReversingLabs: Detection: 34%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Zeew.exe, Joe Sandbox ML: detected
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, Joe Sandbox ML: detected
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, Code function: 4x nop then mov eax, dword ptr [ebp-1Ch], 0_2_00BB47C8
Source: C:\Users\user\AppData\Roaming\Zeew.exe, Code function: 4x nop then mov eax, dword ptr [ebp-1Ch], 14_2_017747C8

Networking

Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 26
Source: Yara match, File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://account.dyn.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH

System Summary

Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: initial sample, Static PE information: Filename: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2210039009.0000000005220000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMiPro.dll, vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000004219000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMiPro.dll, vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000004505000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.000000000463E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2191221384.000000000062E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000000.1656704777.0000000000A2E000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, Binary or memory string: OriginalFilenameturbomailer.exe8 vs PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, b9A.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, roEs93G.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@17/6@0/1
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.logJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8004:120:WilError_03
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeReversingLabs: Detection: 34%
                      Source: unknownProcess created: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe"
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 26
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 34 > nul && copy "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe" "C:\Users\user\AppData\Roaming\Zeew.exe" && ping 127.0.0.1 -n 34 > nul && "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Zeew.exe "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic file information: File size 2853888 > 1048576
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2ab200
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      Source: Yara matchFile source: 14.2.Zeew.exe.4523510.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.39b44c0.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.Zeew.exe.4523510.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.5220000.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.5220000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40fc411.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.39b44c0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43e8811.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f86201.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3e0ffe1.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2192134157.0000000002A3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2210039009.0000000005220000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.2909435521.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000004219000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000004505000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2192134157.0000000002771000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.2902624019.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe PID: 7440, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Zeew.exe PID: 7824, type: MEMORYSTR
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, j4F9.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Zeew.exe.8.dr, j4F9.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_077BBB70 push ecx; ret 0_2_077BBB82
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_077B332E push FFFFFFE9h; retn 0001h0_2_077B3338
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_077BBB06 pushad ; ret 0_2_077BBB43
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_077B1E0D push FFFFFF8Bh; iretd 0_2_077B1E0F
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_0792B7A8 push es; ret 0_2_0792B7E2
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_0792E245 push FFFFFF8Bh; iretd 0_2_0792E247
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_0792E056 push edi; ret 0_2_0792E057
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeCode function: 0_2_0792E061 push edi; ret 0_2_0792E062
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeCode function: 14_2_0177DA14 pushad ; iretd 14_2_0177DA25
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeCode function: 14_2_05F24E40 push eax; ret 14_2_05F24E41
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeCode function: 14_2_07E7195A push 00000059h; ret 14_2_07E7195E
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Zeew.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZeewsJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeFile opened: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exeFile opened: C:\Users\user\AppData\Roaming\Zeew.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe PID: 7440, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Zeew.exe PID: 7824, type: MEMORYSTR
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 26
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Memory allocated: BB0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Memory allocated: 2770000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Memory allocated: 2690000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe Memory allocated: 1770000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe Memory allocated: 3340000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe Memory allocated: 5340000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Window / User API: threadDelayed 1426
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Window / User API: threadDelayed 8431
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe TID: 8032 Thread sleep time: -29514790517935264s >= -30000s
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 7232 Thread sleep count: 32 > 30
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 7232 Thread sleep time: -32000s >= -30000s
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 3584 Thread sleep count: 32 > 30
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 3584 Thread sleep time: -32000s >= -30000s
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2210039009.0000000005220000.00000004.08000000.00040000.00000000.sdmp, PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Zeew.exe, 0000000E.00000002.2909435521.00000000044FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VBoxTray
                      Source: Zeew.exe, 0000000E.00000002.2909435521.00000000044FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe, 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMwareVBox
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 34 > nul && copy "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe" "C:\Users\user\AppData\Roaming\Zeew.exe" && ping 127.0.0.1 -n 34 > nul && "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 26
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 34
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Zeew.exe "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 34 > nul && copy "c:\users\user\desktop\po#36538_orden_indirect_buyer_procurement_americas_mexicos_24.exe" "c:\users\user\appdata\roaming\zeew.exe" && ping 127.0.0.1 -n 34 > nul && "c:\users\user\appdata\roaming\zeew.exe"
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe; Queries volume information: C:\Users\user\AppData\Roaming\Zeew.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Zeew.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe PID: 7440, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.40befe2.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3dd2bb2.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.3f48dd2.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.43ab3e2.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe.38f2560.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe PID: 7440, type: MEMORYSTR
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Masquerading | 1 Input Capture | 21 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 31 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Hidden Files and Directories | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Obfuscated Files or Information | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Software Packing | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                      [Behavior graph] Behavior Graph ID: 1465559, Sample: PO#36538_orden_Indirect_Buy..., Startdate: 01/07/2024, Architecture: WINDOWS, Score: 100

                      Source | Detection | Scanner | Label | Link
                      PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe | 34% | ReversingLabs | Win32.Trojan.Generic |
                      PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe | 100% | Joe Sandbox ML | |
                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\Zeew.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\Zeew.exe | 34% | ReversingLabs | Win32.Trojan.Generic |
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://www.apache.org/licenses/LICENSE-2.0 | 0% | URL Reputation | safe |
                      http://www.fontbureau.com | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designersG | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe |
                      http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
                      https://account.dyn.com/ | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers? | 0% | URL Reputation | safe |
                      http://www.tiro.com | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers | 0% | URL Reputation | safe |
                      http://www.goodfont.co.kr | 0% | URL Reputation | safe |
                      http://www.carterandcone.coml | 0% | URL Reputation | safe |
                      http://www.sajatypeworks.com | 0% | URL Reputation | safe |
                      http://www.typography.netD | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers/cabarga.htmlN | 0% | URL Reputation | safe |
                      http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
                      http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
                      http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers/frere-user.html | 0% | URL Reputation | safe |
                      http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
                      http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
                      http://www.fontbureau.com/designers8 | 0% | URL Reputation | safe |
                      http://www.fonts.com | 0% | URL Reputation | safe |
                      http://www.sandoll.co.kr | 0% | URL Reputation | safe |
                      http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
                      http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
                      http://www.sakkal.com | 0% | URL Reputation | safe |
                      http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe |
                      No contacted domains info
                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                      IP
                      127.0.0.1
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1465559
                      Start date and time:2024-07-01 20:02:17 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 13s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:15
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@17/6@0/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 99%
                      • Number of executed functions: 302
                      • Number of non-executed functions: 8
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • VT rate limit hit for: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
                      Time | Type | Description
                      14:03:39 | API Interceptor | 136x Sleep call for process: PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe modified
                      14:04:32 | API Interceptor | 2x Sleep call for process: PING.EXE modified
                      19:04:08 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Zeews C:\Users\user\AppData\Roaming\Zeew.exe
                      19:04:16 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Zeews C:\Users\user\AppData\Roaming\Zeew.exe
                      Process:C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1216
                      Entropy (8bit):5.34331486778365
                      Encrypted:false
                      SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
                      MD5:7B709BC412BEC5C3CFD861C041DAD408
                      SHA1:532EA6BB3018AE3B51E7A5788F614A6C49252BCF
                      SHA-256:733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
                      SHA-512:B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
                      Malicious:true
                      Reputation:moderate, very likely benign file
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                      Process:C:\Windows\SysWOW64\cmd.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):2853888
                      Entropy (8bit):6.478030765333406
                      Encrypted:false
                      SSDEEP:49152:8g9uoiYHSyjan3elu7S0SuwJZ7ZMVqBfs0CZY0ems:v9fiqSKw317SzuwJZliqBtCZ
                      MD5:3FAB44C211A6C5519AA034184ACA3FDB
                      SHA1:4D4618E371726BD5F7CCA66659FD67ECB9B1D9CF
                      SHA-256:AFB3C2222365641951A91BB0A55A1CDD2774539475A79C0DEB8FA6BBD3D56F53
                      SHA-512:9EFA63F831787B95686E6E980AAA952AA108A9A9EE27CC64191FC6608E5D6758324F7BDF33CE92EE64F8C7AAF91FD39BC890E936E172F651B9208F4502270E88
                      Malicious:true
                      Antivirus:
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 34%
                      Reputation:low
                      Process:C:\Windows\SysWOW64\cmd.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Reputation:high, very likely benign file
                      Preview:[ZoneTransfer]....ZoneId=0
                      Process:C:\Windows\SysWOW64\PING.EXE
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1901
                      Entropy (8bit):4.748444399029811
                      Encrypted:false
                      SSDEEP:12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTc:/7BAokItULVDv
                      MD5:7D8F2FA98B86E080D796590736DB0227
                      SHA1:10E199AEB3825D116FA76A359ACE6FBE990D70DE
                      SHA-256:1475DD46581303AF825077D718EFD1AB0656D4A671248A4286DBE65C56AA0A14
                      SHA-512:D647E26CE7733A3826EE32556FA517DAAD9192E9A6232CFF13666177347C79821D4AD0CEFFEE37ED9F14B8C4D69F258F0B660504B5EDC51AD3AF096A11F5909C
                      Malicious:false
                      Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: byt
                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):6.478030765333406
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                      • Win32 Executable (generic) a (10002005/4) 49.93%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
                      File size:2'853'888 bytes
                      MD5:3fab44c211a6c5519aa034184aca3fdb
                      SHA1:4d4618e371726bd5f7cca66659fd67ecb9b1d9cf
                      SHA256:afb3c2222365641951a91bb0a55a1cdd2774539475a79c0deb8fa6bbd3d56f53
                      SHA512:9efa63f831787b95686e6e980aaa952aa108a9a9ee27cc64191fc6608e5d6758324f7bdf33ce92ee64f8c7aaf91fd39bc890e936e172f651b9208f4502270e88
                      SSDEEP:49152:8g9uoiYHSyjan3elu7S0SuwJZ7ZMVqBfs0CZY0ems:v9fiqSKw317SzuwJZliqBtCZ
                      TLSH:CBD58A8F2CEA0AA9C4C48C75B7BC45F842B10B6F445577A7A582A7E8EF6131E75430E3
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k..O.........."...P...*...........*.. ....*...@.. ........................+...........`................................
                      Icon Hash:24ed8d96b2ade832
                      Entrypoint:0x6ad0be
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x4FA0CD6B [Wed May 2 06:00:11 2012 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ad068 | 0x53 | .text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ae000 | 0xd5f0 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2b8c00 | 0x0 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2bc000 | 0xc | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x2000 | 0x2ab0c4 | 0x2ab200 | 49dfb0fa636be654d1c7162f0bcfc04f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc | 0x2ae000 | 0xd5f0 | 0xd600 | dcb4cf59307c61ac90d201ab20966bd3 | False | 0.08608352803738317 | data | 3.698450057310039 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0x2bc000 | 0xc | 0x200 | ffe120c369e518bc96de7ef1a743352c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_ICON | 0x2ae0e8 | 0xd228 | Device independent bitmap graphic, 101 x 256 x 32, image size 51712, resolution 9055 x 9055 px/m | | | 0.07864312267657993
                      RT_GROUP_ICON | 0x2bb310 | 0x14 | data | | | 1.15
                      RT_VERSION | 0x2bb324 | 0x2cc | data | | | 0.49441340782122906
                      DLL | Import
                      mscoree.dll | _CorExeMain
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Jul 1, 2024 20:03:32.614825964 CEST | 53 | 62402 | 1.1.1.1 | 192.168.2.4


                      Target ID:0
                      Start time:14:03:06
                      Start date:01/07/2024
                      Path:C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe"
                      Imagebase:0x780000
                      File size:2'853'888 bytes
                      MD5 hash:3FAB44C211A6C5519AA034184ACA3FDB
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2192134157.0000000002A3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2210039009.0000000005220000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2196335827.0000000004219000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2196335827.0000000004505000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2196335827.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2196335827.00000000040A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2196335827.0000000003DB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2192134157.0000000002771000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2196335827.0000000003891000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2196335827.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      Target ID:5
                      Start time:14:03:39
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:"cmd" /c ping 127.0.0.1 -n 26 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Imagebase:0x240000
                      File size:236'544 bytes
                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:6
                      Start time:14:03:39
                      Start date:01/07/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:7
                      Start time:14:03:39
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\PING.EXE
                      Wow64 process (32bit):true
                      Commandline:ping 127.0.0.1 -n 26
                      Imagebase:0x830000
                      File size:18'944 bytes
                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:8
                      Start time:14:04:00
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:"cmd" /c ping 127.0.0.1 -n 34 > nul && copy "C:\Users\user\Desktop\PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.exe" "C:\Users\user\AppData\Roaming\Zeew.exe" && ping 127.0.0.1 -n 34 > nul && "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Imagebase:0x7ff72bec0000
                      File size:236'544 bytes
                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Target ID:9
                      Start time:14:04:00
                      Start date:01/07/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Target ID:10
                      Start time:14:04:00
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\PING.EXE
                      Wow64 process (32bit):true
                      Commandline:ping 127.0.0.1 -n 34
                      Imagebase:0x830000
                      File size:18'944 bytes
                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:11
                      Start time:14:04:05
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\reg.exe
                      Wow64 process (32bit):true
                      Commandline:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Zeews" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Zeew.exe"
                      Imagebase:0x8c0000
                      File size:59'392 bytes
                      MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:13
                      Start time:14:04:33
                      Start date:01/07/2024
                      Path:C:\Windows\SysWOW64\PING.EXE
                      Wow64 process (32bit):true
                      Commandline:ping 127.0.0.1 -n 34
                      Imagebase:0x830000
                      File size:18'944 bytes
                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Target ID:14
                      Start time:14:05:07
                      Start date:01/07/2024
                      Path:C:\Users\user\AppData\Roaming\Zeew.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Roaming\Zeew.exe"
                      Imagebase:0xe40000
                      File size:2'853'888 bytes
                      MD5 hash:3FAB44C211A6C5519AA034184ACA3FDB
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 0000000E.00000002.2909435521.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 0000000E.00000002.2902624019.0000000003341000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Antivirus matches:
                      • Detection: 100%, Joe Sandbox ML
                      • Detection: 34%, ReversingLabs
                      Reputation:low
                      Has exited:false


                        Execution Graph

                        Execution Coverage:16.6%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:10%
                        Total number of Nodes:30
                        Total number of Limit Nodes:0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o^q$(o^q$(o^q$,bq$,bq$,bq$,bq$Hbq
                        • API String ID: 0-2809086048
                        • Opcode ID: 54b9e0aae170d9ffeacdd861d570824dc6189d10fd2b79e9066731d31cfc8bf2
                        • Instruction ID: 5690e9d18d02b5a0705bd6ed53ced3b856e8a88a51e2a9314afeeecefe38b388
                        • Opcode Fuzzy Hash: 54b9e0aae170d9ffeacdd861d570824dc6189d10fd2b79e9066731d31cfc8bf2
                        • Instruction Fuzzy Hash: A6A25C74A042199FDB14DF69C898AAEBBF2FF88301F2485A9E505EB361DB74DC41CB50

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$Hbq$Hbq$Hbq$PH^q
                        • API String ID: 0-1907916612
                        • Opcode ID: f10f57e8d44274b7055cf47a349d0f8d0609aaba2b299e2b2a805659511e1ee2
                        • Instruction ID: ece499fb0c8bca017881e23cf35a79e10e403624cc8ac651b3747ec5852b358c
                        • Opcode Fuzzy Hash: f10f57e8d44274b7055cf47a349d0f8d0609aaba2b299e2b2a805659511e1ee2
                        • Instruction Fuzzy Hash: 94228F31B002148FCB54AB38C854B6EB7E6FF88311F548969E54ADB3A1DE34DD46CBA1

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8dfa15d5477ad08275f5999d316f0db5655e66b68449818ca981145e0be2fe11
                        • Instruction ID: 99349b3aac146fb88df1d8d815f5cc208f119778687ea2bd7a990ce914b30779
                        • Opcode Fuzzy Hash: 8dfa15d5477ad08275f5999d316f0db5655e66b68449818ca981145e0be2fe11
                        • Instruction Fuzzy Hash: 77C31970E11228CBCB58FF78D99966CBBF2AF89204F4184E9D048A7354DB355E99CF42

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd

                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd

                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q$Te^q$d7p
                        • API String ID: 0-1105448440

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Xbq$$^q
                        • API String ID: 0-1593437937
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                        • API String ID: 0-1932283790
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q$4'^q$;^q
                        • API String ID: 0-799016360

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q
                        • API String ID: 0-355816377

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq
                        • API String ID: 0-4258043069

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q$PH^q
                        • API String ID: 0-1598597984

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$Hbq
                        • API String ID: 0-4081012451

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 8bq$8bq
                        • API String ID: 0-1276831224

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq
                        • API String ID: 0-4258043069
                        • Opcode ID: dbb121b4851f7213e9a016697159f93cbabb1c2ba023e562fdd57688278cd7e5
                        • Instruction ID: 991e0db680715b0dbecdb91290ecb6a80d524bb8613c54c1d4f0b1b524e8d0b0
                        • Opcode Fuzzy Hash: dbb121b4851f7213e9a016697159f93cbabb1c2ba023e562fdd57688278cd7e5
                        • Instruction Fuzzy Hash: CF419475B002549FDB519F28C845ABE7BE2FF8A300F558594E805AB391DBB9DC01C752
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: TJcq$Te^q
                        • API String ID: 0-918715239
                        • Opcode ID: 5e022d3daeea3d705995d71737c5ea4dc6c813bb63f05fa5f07beb83aa2a8abc
                        • Instruction ID: 756de6980d18afacad8b86a6265095d24b6b8f1e7535f3180b76dc4079750e9f
                        • Opcode Fuzzy Hash: 5e022d3daeea3d705995d71737c5ea4dc6c813bb63f05fa5f07beb83aa2a8abc
                        • Instruction Fuzzy Hash: 3F31D5307141118FC708BB79E498A2EBBF6FF89654B418869E449CB351DE389C1EC792
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: TJcq$Te^q
                        • API String ID: 0-918715239
                        • Opcode ID: 2df95d1d8ab9c6b3d9d04f521dd922b392a01863bdbc400a91bc1db2f69e74f2
                        • Instruction ID: ca9cddba67e0503894e3367649d44a336a5a967b0b741a4b0342a686a347d24c
                        • Opcode Fuzzy Hash: 2df95d1d8ab9c6b3d9d04f521dd922b392a01863bdbc400a91bc1db2f69e74f2
                        • Instruction Fuzzy Hash: 4521A5307105158FCB04BBBDE498A2EB7E6EF88644B408869E449DB350DE389C09C396
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o^q
                        • API String ID: 0-74704288
                        • Opcode ID: faaaf845eb5e8ed67bcfd40710923d60efa5f305ee439d55cd2061eb826299b6
                        • Instruction ID: ca7e662afbb0f38bcec9abacdf34e7a7115f4172d8165482ad86511926c9440c
                        • Opcode Fuzzy Hash: faaaf845eb5e8ed67bcfd40710923d60efa5f305ee439d55cd2061eb826299b6
                        • Instruction Fuzzy Hash: 51124970600509CFCB25CF68C984ABABBF6FF98341F158595E805DB2A2DB74ED81CB61
                        APIs
                        • DeleteFileW.KERNELBASE(00000000,?,?,?,037711EC,?,E206F5B9,06F5BBCC), ref: 06F5BD20
                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID: DeleteFile
                        • String ID:
                        • API String ID: 4033686569-0
                        • Opcode ID: c4dcb574a7777def7b287b05d46595eb3ae531d7cbdfa875bf9fc1b945056b79
                        • Instruction ID: 1173e1b7b6e88808ef6ecad12685d443063450b3121f947fe9e5ad95e49bb72c
                        • Opcode Fuzzy Hash: c4dcb574a7777def7b287b05d46595eb3ae531d7cbdfa875bf9fc1b945056b79
                        • Instruction Fuzzy Hash: EC2156B1C006599BCB20CF9AC545BAEFBF4FB48320F11812AD918B7341D738A944CFA4
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 0792BEAD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 77dbb207ddda2da6da155e62863eaf72af50197a6c22be0529b2b4ff743ea613
                        • Instruction ID: 144c6c4c34591ea764525f3c1ea24c3b4e74bf798428869ffc837c20fa3acc0e
                        • Opcode Fuzzy Hash: 77dbb207ddda2da6da155e62863eaf72af50197a6c22be0529b2b4ff743ea613
                        • Instruction Fuzzy Hash: 451103B68003599FCB10DF99C949BDEBBF8EB48324F10891AD529A7690D374A544CFA1
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 0792BEAD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: cf50991663f90d53a89f8be7024518c36e226790e8a4167d3015ae30f5017f92
                        • Instruction ID: dcf688e802092da3ede37515300a21738de1dbd5dd601d9d0e0fbc4f006f5444
                        • Opcode Fuzzy Hash: cf50991663f90d53a89f8be7024518c36e226790e8a4167d3015ae30f5017f92
                        • Instruction Fuzzy Hash: 4A1100B58003499FCB10DF9AC889BDEBBF8EB48324F10841AE518A3200D375A944CFA1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR^q
                        • API String ID: 0-2625958711
                        • Opcode ID: 89c10b2eca4c27d5b0e8850de24c40f9744539041daa1c7ced94c4d4956830af
                        • Instruction ID: b1a96af91f8e807b915db9c4316e3214193126aaf43da7edcb1522cfa76f654a
                        • Opcode Fuzzy Hash: 89c10b2eca4c27d5b0e8850de24c40f9744539041daa1c7ced94c4d4956830af
                        • Instruction Fuzzy Hash: 69712630A193918FC707AB78D89966D7FB1EF47544F4584AAD4C4DB292DA384D0EC3A3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q
                        • API String ID: 0-1614139903
                        • Opcode ID: e56d1f8a752cefe8dd530b27ff0fcae22704169bcc57a3cefe988f1fe3e163f9
                        • Instruction ID: d93de60d745b20fc164256ff5a65094356eb73c9258b54bed4ad12773103042c
                        • Opcode Fuzzy Hash: e56d1f8a752cefe8dd530b27ff0fcae22704169bcc57a3cefe988f1fe3e163f9
                        • Instruction Fuzzy Hash: 5B619D31B041018FCB14DF39DC94ABA7BE9EF8970071584A9E856CB361EBB1DC02CB62
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR^q
                        • API String ID: 0-2625958711
                        • Opcode ID: 83215d43405a8b4a512545408b5e23321552894489a3083a8a2e824ac4767074
                        • Instruction ID: 37f2e962774605cef39575bd2eecf36fc05e9c5e359c19faba7f2de07af28751
                        • Opcode Fuzzy Hash: 83215d43405a8b4a512545408b5e23321552894489a3083a8a2e824ac4767074
                        • Instruction Fuzzy Hash: AE511670B152158BCB05BBB9E4996AEBBB5EF85604F40886AD085D7391DE384D0AC3A3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c1b9cc662e5a64455619a9f4949d5ed1f940c0bef9aae863e680ade1513f5171
                        • Instruction ID: e16967c92c6eeb8c54890b374cd72474762a50b5a8962d7ac8b30d9efb47b05a
                        • Opcode Fuzzy Hash: c1b9cc662e5a64455619a9f4949d5ed1f940c0bef9aae863e680ade1513f5171
                        • Instruction Fuzzy Hash: 31C26F70E102248BCB44BF79D89576DB7B1BF89704F8088A9D48CA7354DE389D9ACF52
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR^q
                        • API String ID: 0-2625958711
                        • Opcode ID: 6ae1092782d8dc9f0b50ddccca99887577ea8bc7626784da27753032b81df271
                        • Instruction ID: 997877a27e3828813ae9a812d85ee3190a4b635a9f619ed960adda9f731f6197
                        • Opcode Fuzzy Hash: 6ae1092782d8dc9f0b50ddccca99887577ea8bc7626784da27753032b81df271
                        • Instruction Fuzzy Hash: CA51D530B142158BCB05BFB9E49966EBBB5EF85604F40886DE089E7351DE384D09C3A3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq
                        • API String ID: 0-1245868
                        • Opcode ID: cad0d2cda34c9ff3f9558445eca87e306033c21234d6aa2584c1159fd4bdc1b8
                        • Instruction ID: b40d43ab80098b1c41a9cd8d74fa8c67c35dd9fb1f76858525b95cde8a6b94ec
                        • Opcode Fuzzy Hash: cad0d2cda34c9ff3f9558445eca87e306033c21234d6aa2584c1159fd4bdc1b8
                        • Instruction Fuzzy Hash: BF4127327005149BCB096B79A89867FB697EBC5251F548835EA09CB385DF79CC4283E1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR^q
                        • API String ID: 0-2625958711
                        • Opcode ID: d991c9b8a89de4dd550422f08d468e0689c1b3c059c48c9947b5af08cb07a0ff
                        • Instruction ID: 09f9e3485c31a966037a978bb8675fbe8319471d4e638f355d16a9bc76a207a9
                        • Opcode Fuzzy Hash: d991c9b8a89de4dd550422f08d468e0689c1b3c059c48c9947b5af08cb07a0ff
                        • Instruction Fuzzy Hash: 8441B830B102158BCB08BFB9E49962EBBF5EF88644F40882DD54997340DE385D59C7E3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q
                        • API String ID: 0-2549759414
                        • Opcode ID: e18246494cdc10c4374fc20273a606ee3dbae36905bb820e81063d9e62739def
                        • Instruction ID: 6d6419c3902d4b913d07d000588cbc16656f2646960bf47114becbfe7153c6ff
                        • Opcode Fuzzy Hash: e18246494cdc10c4374fc20273a606ee3dbae36905bb820e81063d9e62739def
                        • Instruction Fuzzy Hash: 1D514931B002058FDB14DF25C988BA9B7F2FF49715F1589A9E50ADB261DB30ED81CBA0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q
                        • API String ID: 0-2549759414
                        • Opcode ID: 2f8ae30b4a62eb6dbf9373b4067f701678ae62231e68181b086a19fc2d993281
                        • Instruction ID: bb9ff9725ff02616787372ce3331adfeff9132a09bd83c6805009b59e6221f59
                        • Opcode Fuzzy Hash: 2f8ae30b4a62eb6dbf9373b4067f701678ae62231e68181b086a19fc2d993281
                        • Instruction Fuzzy Hash: A6510975A10204CFCB14DF68C598A69BBF2BF4D715B1549A8E50AEB3A1DB30EC41CF60
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 8bq
                        • API String ID: 0-187764589
                        • Opcode ID: 8ba3ba0adca90cae069b008981d9fde9871551c66e66cb5edbdb2ec9d8d6f416
                        • Instruction ID: e5e6c93a1d544b47e8946812d287638bbbd9ecfc74f4f2401deaa6302e7b5024
                        • Opcode Fuzzy Hash: 8ba3ba0adca90cae069b008981d9fde9871551c66e66cb5edbdb2ec9d8d6f416
                        • Instruction Fuzzy Hash: DB51A1B4E01208DFCB14DFA9D584AEDBBF6FF49300F204169E419AB261DB706945CF51
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: D
                        • API String ID: 0-2746444292
                        • Opcode ID: 33d80470a25bd2c2b33c10aeba9d7aa1668b9e9ad9f7d590b6026de20ad7143a
                        • Instruction ID: e44c628e29df40922d9fd3c540310ff385a99611410a1fdc5b6e6992f9960bab
                        • Opcode Fuzzy Hash: 33d80470a25bd2c2b33c10aeba9d7aa1668b9e9ad9f7d590b6026de20ad7143a
                        • Instruction Fuzzy Hash: 6631769150E3C26FC71387B49CA46997FB0AF43124B1A02EBC4D5CB6E3E618094AC7A3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q
                        • API String ID: 0-1614139903
                        • Opcode ID: cf5972be40f8c622af7aa9bb0207ea256ae59e91679a9e5146cba5386539fb0f
                        • Instruction ID: 625fb784b4a0cc82a318a528ba8eeba988b57d70f8552dd0a0356b629cdd8597
                        • Opcode Fuzzy Hash: cf5972be40f8c622af7aa9bb0207ea256ae59e91679a9e5146cba5386539fb0f
                        • Instruction Fuzzy Hash: 024135B5A00205CFCB149F69D888ABE7BF5FB88311F1040A9E9168B3A1CB71DD40CB92
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: 14d032035bbac2aece50170ab058cfc28a59f997f45e0e6571274e847e1d829e
                        • Instruction ID: e55b5fa6c6dbd35caa7762b0ca2314a4ef245f02b3ac06b0e63ff31d5f67c22e
                        • Opcode Fuzzy Hash: 14d032035bbac2aece50170ab058cfc28a59f997f45e0e6571274e847e1d829e
                        • Instruction Fuzzy Hash: D4418D303006108FC764DB38C848B6A77E2BF84725F54896DE25FCB2A1DE74E98ACB50
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: ff0daca18d624b16a1e28c66e8e05b83db909b14e854fd438414c0352a1ab1fa
                        • Instruction ID: 14923ff53f848213608b62a341de85b4984c1d1fc23d5911ce3696c8f6d43d46
                        • Opcode Fuzzy Hash: ff0daca18d624b16a1e28c66e8e05b83db909b14e854fd438414c0352a1ab1fa
                        • Instruction Fuzzy Hash: CA31EE72E006098FCB11DFB9D8506EEBBB4EF89310B11856AE509F7211EB309946CBA0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq
                        • API String ID: 0-1245868
                        • Opcode ID: cf800c7a0d7de18525d70ab8530c700fd6e70170db4725ee73f6c8a87ca6af53
                        • Instruction ID: 41717daf7b5f6c9cabf78a8312215ab22fb724be911553879def1c29ac62bc58
                        • Opcode Fuzzy Hash: cf800c7a0d7de18525d70ab8530c700fd6e70170db4725ee73f6c8a87ca6af53
                        • Instruction Fuzzy Hash: 8E31D1343002159FCB15DF29D854ABE3BE2EFC9341B5580A8F84ADB291CB79CD02CB55
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te^q
                        • API String ID: 0-671973202
                        • Opcode ID: 1211e5ec5e84f5f1b531a0728b2260b3238c581eacaa324eb18e5e02bffd8adc
                        • Instruction ID: 05ab67bfdef9ee1badc77940380fe93e5e492a939e982fd35cb618539bea4512
                        • Opcode Fuzzy Hash: 1211e5ec5e84f5f1b531a0728b2260b3238c581eacaa324eb18e5e02bffd8adc
                        • Instruction Fuzzy Hash: 7931D074E112189FDB14DFA9D884BEDBBF2FF88311F14842AE505B72A0DBB45841DB54
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: f5261ec8035f9f9a03de2fff44064c7e94695ce14f8bb6484d5a4f0bd87fee3b
                        • Instruction ID: c6fee995569e6bea04a117eabfb7e3d40b1f13a4aa05a630d8ee8d44b02c4599
                        • Opcode Fuzzy Hash: f5261ec8035f9f9a03de2fff44064c7e94695ce14f8bb6484d5a4f0bd87fee3b
                        • Instruction Fuzzy Hash: 5A112CA09143984FCB169B7498657EE3FB19F86720FA4459AD002AB2C2CE2C0D46CB62
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 43_q
                        • API String ID: 0-1644292882
                        • Opcode ID: b93d4df0f152276b4f10fe948e10895916a8f74258c03425de0c8e53ef17fdc5
                        • Instruction ID: 0f38bc33e641d57bc727385ca661214891aa7c9a4b235ef95c429880a62570d1
                        • Opcode Fuzzy Hash: b93d4df0f152276b4f10fe948e10895916a8f74258c03425de0c8e53ef17fdc5
                        • Instruction Fuzzy Hash: E9E02B353053541BE30A6B727C146BF3FABDBC2651B05C4AEF989CB281CD284C0283A0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 43_q
                        • API String ID: 0-1644292882
                        • Opcode ID: c88a9691b824ca293e8ebb26b4123a10ffb5ce4b6b43f22dd904970cd74d9a34
                        • Instruction ID: 371059ec64dca7fd3d5a8be81119a46096f55ff649057cfb831f653c7182dab6
                        • Opcode Fuzzy Hash: c88a9691b824ca293e8ebb26b4123a10ffb5ce4b6b43f22dd904970cd74d9a34
                        • Instruction Fuzzy Hash: AAE0863570021857D70C6A77B81866E36DBE7C4651B05C879F90AC7340CD759C014394
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 280ad6a5ca3ce78425ca71e710c089a3692d5f0a6d72b311a1c3a872004200b0
                        • Instruction ID: ce75a94997912008a0f4dd5a4e2aa816c70797bf1d571e8e05667656bf7067ef
                        • Opcode Fuzzy Hash: 280ad6a5ca3ce78425ca71e710c089a3692d5f0a6d72b311a1c3a872004200b0
                        • Instruction Fuzzy Hash: 7E6221B5F10B814ADF749F78D4483ADFAE1FB56310F104D2EC2AACA680DB359582DB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b00285b094549989ff67acbfe4779f80d58655d9600a213627cd84a0e89758ad
                        • Instruction ID: cf018f77ccdf55053e5d197a4ceebe5a508d78bdc7cd1b2faa52141a91980cfe
                        • Opcode Fuzzy Hash: b00285b094549989ff67acbfe4779f80d58655d9600a213627cd84a0e89758ad
                        • Instruction Fuzzy Hash: D812F670B153118FD706FFB8D99466DBBF1BF49604F4088AAD089E7351EA389C0AC762
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 393b15b9172b059f05c240ef0df4d4db3d9fdacb621659e27601898dfb6d2075
                        • Instruction ID: 0db303e8f61b80fb2b430ea77aed3af20e6fa52710726d1afd93df40af6d133f
                        • Opcode Fuzzy Hash: 393b15b9172b059f05c240ef0df4d4db3d9fdacb621659e27601898dfb6d2075
                        • Instruction Fuzzy Hash: 5AF19470B10215CBDB04FFB9D4996ACBBF2BF88644F858829E445A7350DE389C5AC792
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • API String ID:
                        • Opcode ID: 0871ecdf413eb9a0b00befd44af5c5861ec1a8b646e49faccffa21209cdfbcd0
                        • Instruction ID: 33f33335aab7fa55b86834f2a5f2445493295c60d220f769e25d9f5bd9606433
                        • Opcode Fuzzy Hash: 0871ecdf413eb9a0b00befd44af5c5861ec1a8b646e49faccffa21209cdfbcd0
                        • Instruction Fuzzy Hash: 3D21A470B041048B8B196679946D63EB6E7EFC46913494829DA07CB384DF79ED43CBF2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c065d625fc3f4a088377326f0a9e1742e34a0137143f704002b76cf74a793f74
                        • Instruction ID: 9a9c076d1b8e8eac59a67e9db60d559b0d875c6f24784beb076b42ae391820a2
                        • Opcode Fuzzy Hash: c065d625fc3f4a088377326f0a9e1742e34a0137143f704002b76cf74a793f74
                        • Instruction Fuzzy Hash: F1215730B002045BDB141B35C5947BD7ADAEFC9719B1440BAE506CB391EEB9CC42E7A3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96f331953df0f535a0575d16e42e81f527be8052618e1effd4995e355b743c44
                        • Instruction ID: 3620db4aeb259e51f572066f690adc378221f39977dc8c3f43e715f7124d7974
                        • Opcode Fuzzy Hash: 96f331953df0f535a0575d16e42e81f527be8052618e1effd4995e355b743c44
                        • Instruction Fuzzy Hash: 52210532200914ABCB055F59E8C8A7AF7ABEB84211F408425E605D7281DBB9CD5187B1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 998040f79358cef584edd2f298cfdd51f5743a2f77f3a2a5f887dee87a3cc12d
                        • Instruction ID: a5952ad6e56953d55375d6f21b40cb4a98a4fe4d94f507d8b1be45edaed2e7e7
                        • Opcode Fuzzy Hash: 998040f79358cef584edd2f298cfdd51f5743a2f77f3a2a5f887dee87a3cc12d
                        • Instruction Fuzzy Hash: 1A31E675A002088FCB14DFA4D548AADBBF2FF89351F144868DA06EB264DB35ED41CF60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 79aaaf824d277f9e1f75c32c2bd13375c4f38cf8f84e02758827ce6e066ff877
                        • Instruction ID: b3815100cdc2ea036f6d2e6498ca3456ee0b76dfd924b79c084dd84cbe79ef8a
                        • Opcode Fuzzy Hash: 79aaaf824d277f9e1f75c32c2bd13375c4f38cf8f84e02758827ce6e066ff877
                        • Instruction Fuzzy Hash: C9314132D14B4A9ECB01EF78C8548D9FB71FF95300B118A5AE9596B221FB30E685CB81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 976cd450973ec52d7796a73c98d265c82930932ff8539ebcecc18df64cf169b6
                        • Instruction ID: 2b7274d298c4cc7e84babfb63d96e1ee85ab761e59c4b8f261c5edc9682610d6
                        • Opcode Fuzzy Hash: 976cd450973ec52d7796a73c98d265c82930932ff8539ebcecc18df64cf169b6
                        • Instruction Fuzzy Hash: B421D1357006119BCB15AA29D498A3EB3D2FB8975571480B9E90ADB350CE79DC02CBD0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dd4e9c6404c26b29ef244ed144d34e1952a1552eadd89f4ed285cada1ad89497
                        • Instruction ID: a5a5013d0b596de5eb24dd7696bb75bb89dd57962c8c0ae3373f1a6944596808
                        • Opcode Fuzzy Hash: dd4e9c6404c26b29ef244ed144d34e1952a1552eadd89f4ed285cada1ad89497
                        • Instruction Fuzzy Hash: 6C313C342006008FC754DB28C888FA6B7E6FF85315F5489A9E19ECB361CF70AC86CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54c018ca626c31d9320549cb7d30b9cc0119bea0007bdfc37fe92652531dfdd3
                        • Instruction ID: b428b2217848036b2f0d6a1b866f0a9118fffb97d276d0ef8cc859443e33546c
                        • Opcode Fuzzy Hash: 54c018ca626c31d9320549cb7d30b9cc0119bea0007bdfc37fe92652531dfdd3
                        • Instruction Fuzzy Hash: DF314132910B0ADACB01EFB8C854899F771FF95300B118B5AE9596B221FB30E695CB80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f34277b864058d180ca040a86eed92ec8207249adcfbe2b9483d0e61b315375
                        • Instruction ID: 9766f2aca419546cd6096c1c533f0b3a17179c9923792d338bffc04283d5ff4c
                        • Opcode Fuzzy Hash: 9f34277b864058d180ca040a86eed92ec8207249adcfbe2b9483d0e61b315375
                        • Instruction Fuzzy Hash: E0310A342006008FD764DB28D888BA6B7E6FF85715F5589A9E14ECB361DF71AC86CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 81e95d17a776aa28c1f4141e1ade0489487e650dc7411bb073307c62a2835ea0
                        • Instruction ID: 30990c10333160b1016c92d2c1cf24c48a568057377434ba730b8753ea11a48d
                        • Opcode Fuzzy Hash: 81e95d17a776aa28c1f4141e1ade0489487e650dc7411bb073307c62a2835ea0
                        • Instruction Fuzzy Hash: D511E634B441008BCB156679941C73EBAABEBC46417488829DA07DB380DF79DD03CBF6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191599931.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b1d000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94dda4fa01e7b17a3cc318c480ccea6b6e1f388dfb0fdad04d791d25b2351042
                        • Instruction ID: 8c736a544068583bf404135f2139ab2d1b745ce2b16d412875e6791a8c70508d
                        • Opcode Fuzzy Hash: 94dda4fa01e7b17a3cc318c480ccea6b6e1f388dfb0fdad04d791d25b2351042
                        • Instruction Fuzzy Hash: 9821F571604200EFDB05DF14D9C4B65BBE5FB94314F74CAADD81A4B291C336D886CAA1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191599931.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b1d000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a577ef8f4d722e0030602611178777d540b3747742e4abfbeb9482f4dc6d637
                        • Instruction ID: 5f63264a6b5902f545e7b0b7e5f3800a58fdcaba4c013c15839c1aca34b7f9b8
                        • Opcode Fuzzy Hash: 7a577ef8f4d722e0030602611178777d540b3747742e4abfbeb9482f4dc6d637
                        • Instruction Fuzzy Hash: 1221F575604200DFCB14DF14D9D8B56BBA5FB98314F64C5ADD80A4B396C33AD887CB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9c72a0f15817ced2506213fa1b8f3dda4583aaca2cfccddef26fbf2757408fe7
                        • Instruction ID: c63aaf1da017fc388dc666cb580a1742a33887010cd2f8e319de95e008aad50f
                        • Opcode Fuzzy Hash: 9c72a0f15817ced2506213fa1b8f3dda4583aaca2cfccddef26fbf2757408fe7
                        • Instruction Fuzzy Hash: 1B213871704608CFDB25AF28D4487BA37E2EB94346F008069F80A8B354DBB9CC51CF62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0a736eafb5d2e23c6e6d2df707e7cb4dbb83c6bd302e28130c68eadccef90101
                        • Instruction ID: 036013c47e301bbd36a9bf68f75c5768e7796eba8df673cc10a4d64a51d41caa
                        • Opcode Fuzzy Hash: 0a736eafb5d2e23c6e6d2df707e7cb4dbb83c6bd302e28130c68eadccef90101
                        • Instruction Fuzzy Hash: DF11E430B101158BD704BFB9EC49A6EBBB4EF88644F808929D448A7340DA389D29C7E2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ff11e1af0eb6aa6a09e6a6da73d5fa998ea586d5fa5e3d5f1185861080b0b504
                        • Instruction ID: c5436219daa0a3e4ac025aa809ae43c0526ca8afc28b8a04d87209deb215ba32
                        • Opcode Fuzzy Hash: ff11e1af0eb6aa6a09e6a6da73d5fa998ea586d5fa5e3d5f1185861080b0b504
                        • Instruction Fuzzy Hash: 141193353002145BEB04A769D92275F76D7EBC4708F148429E102D7796CEB9EC5297A1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7815cfdf07e4508b28f876eb481d82e41b1faed8b38f1f41389f3217bf68ef4f
                        • Instruction ID: 1cdcff7fd3dbaca8e3abff6803004941dc11e3e03103970200db382c91890b30
                        • Opcode Fuzzy Hash: 7815cfdf07e4508b28f876eb481d82e41b1faed8b38f1f41389f3217bf68ef4f
                        • Instruction Fuzzy Hash: 8631E0B0C01218EFDB20CF99C999BDEBBF5AB49354F64841AE408AB250C7B56845CBA1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 04840136218135e12f9311cdfa79342242cf60232fa87ad522ab3394761ff482
                        • Instruction ID: 0af1c7b882b6c87e8754b334d1422a6f5abb6093a8560517c9996c50399262fe
                        • Opcode Fuzzy Hash: 04840136218135e12f9311cdfa79342242cf60232fa87ad522ab3394761ff482
                        • Instruction Fuzzy Hash: 77218E75A0061A8BCF04CF69E8C05BFB7B6FF45611F148826EE04EB255E774DA11C7A1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d8e91878af7e6563947655fb23ad41ff3682f9c3e804f7c89d09f64d66f0eec
                        • Instruction ID: fac2dcd2f4de8df64d49d8c18228e74d9fb760d929a016b84d9c9a505f92d68f
                        • Opcode Fuzzy Hash: 8d8e91878af7e6563947655fb23ad41ff3682f9c3e804f7c89d09f64d66f0eec
                        • Instruction Fuzzy Hash: 2B11C1343002149BEB04A76DD921B2FB6D7EBC8B08F008429E102D7796CEB9AC5297A1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a14f9c3d59d551f58a2a13d522a4b9bb810a6d0d9316fed5642d00dcf0002012
                        • Instruction ID: 2beb62ed07dfccf50daf741bb248ce3525e161816a98fec28a8c1fea75e7d679
                        • Opcode Fuzzy Hash: a14f9c3d59d551f58a2a13d522a4b9bb810a6d0d9316fed5642d00dcf0002012
                        • Instruction Fuzzy Hash: D511C4343043049BD7299625C895B6AF3E7FBC4325F24C879E50ADB284CA75E9028BA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191599931.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b1d000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 93356815821491be26a5b9d0c36cba57e47c2fdf18adc3c87984cc1ed632e5c2
                        • Instruction ID: e3ded490f97d6ad4b632ed27e1b38a54a04348c1923b87e2965baea0942b3f7b
                        • Opcode Fuzzy Hash: 93356815821491be26a5b9d0c36cba57e47c2fdf18adc3c87984cc1ed632e5c2
                        • Instruction Fuzzy Hash: 4E2187755087809FDB02CF14D994711BFB1FB5A314F24C5DAD8498F2A7C33A9856CB62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2b4712066692fe003e9a3e30aab1f0aa3182f17a248f56ca7704c23419db701f
                        • Instruction ID: 485d8721954560af77e1af0663c08e7d986824be60710dfe23a9b9c13261c808
                        • Opcode Fuzzy Hash: 2b4712066692fe003e9a3e30aab1f0aa3182f17a248f56ca7704c23419db701f
                        • Instruction Fuzzy Hash: BD1147B1600B159BC216AB39C444756F3E2FBC4255B64CC68921E8B760DB79E946CBD0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ee217780fa84d4374ad3dac9d40cd1aa8644444d1b76a1c7231ab38cb4ed494b
                        • Instruction ID: 949ad093a7ce619627044ca38a36117c4920ee3d41d9f8b6eadc2bbb39689c45
                        • Opcode Fuzzy Hash: ee217780fa84d4374ad3dac9d40cd1aa8644444d1b76a1c7231ab38cb4ed494b
                        • Instruction Fuzzy Hash: 9B113A756445119FCB51CF2CC484AA9B7F1EF96321B158791E8298B3E0DB70EE21CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 709497cb635206d03006e64b5cc334244282399a76402e1b745cb185655a61f6
                        • Instruction ID: 18ac465bb20d81e8a2a2dd65a6f0861b552d0039c513d283b366fb043e8f315d
                        • Opcode Fuzzy Hash: 709497cb635206d03006e64b5cc334244282399a76402e1b745cb185655a61f6
                        • Instruction Fuzzy Hash: E4119D31704614CFC724EFB9D54482AB7F6FF866157114AADE10ACB271DA31EE85CB21
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 62e8224d67232e101499627b9d7dbaad15150eac058b15a7fc96ef42cbd02acb
                        • Instruction ID: 5160ec0e9c2c2c4c3daed6d79f6f7c4d3f6d4e86384c6af14a50089ad70eac56
                        • Opcode Fuzzy Hash: 62e8224d67232e101499627b9d7dbaad15150eac058b15a7fc96ef42cbd02acb
                        • Instruction Fuzzy Hash: 281147B0600B159BC219AB398444667F3E2FBC0341B64CC68A21E8B720DB79E946CBE0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a1070d078e880fd79af24dca051bd15208eb15d68639bf31278ab57797fedf7e
                        • Instruction ID: cf168bbad9363f22c535984311b8f6b22b211fa318320111c3d1bedc0c0489a4
                        • Opcode Fuzzy Hash: a1070d078e880fd79af24dca051bd15208eb15d68639bf31278ab57797fedf7e
                        • Instruction Fuzzy Hash: DE1123B0D002199FDB04DFAAD9846EDFBF2EF88310F14D129E408A7254EB78594ACB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6c7f02d4490098df69dbbedbd9d1ccc4727e284eceee8b89f3f33dbc9ed297b1
                        • Instruction ID: 80732721063022f50a28995c59ab1ab869b612e657cd19023e3075a7753e14f6
                        • Opcode Fuzzy Hash: 6c7f02d4490098df69dbbedbd9d1ccc4727e284eceee8b89f3f33dbc9ed297b1
                        • Instruction Fuzzy Hash: 9711C2357005119FCB155A2AD498A7EB7D6FFC975131880B9E90ADB350CF79DC028B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f984c97712f10dd2ff5e3350046b0ad4c63efb9ffefd0b67780634c099ba99ba
                        • Instruction ID: 335bfee8fe7a69582ccea185f2ec739db3ec58cdaca436e8bae517f9d017a9b8
                        • Opcode Fuzzy Hash: f984c97712f10dd2ff5e3350046b0ad4c63efb9ffefd0b67780634c099ba99ba
                        • Instruction Fuzzy Hash: 6211C2343043009BDB29D625C894B6AB3E7FBC4721F64CC39E50ADB284CB75E9428BA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f9367ab2ac674ed808d68735cd5b8142ff62fe7b9b11cb3c5d18e5969388909a
                        • Instruction ID: 6028b8dbba467a3bd07d82764d9fa90cc56d03e9ebb5f939ad3fbb1f603297b9
                        • Opcode Fuzzy Hash: f9367ab2ac674ed808d68735cd5b8142ff62fe7b9b11cb3c5d18e5969388909a
                        • Instruction Fuzzy Hash: 9D1130797001049FCB14DF55D984BEDBBF9FB8C711F144065E916A7390DA719C11CBA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e7bf25b20944edb58cf61114e9291a825d5e64437f781cc6c5e8c581805adbe6
                        • Instruction ID: 88bd04dcf9f6c5fca1375b0a361cbcdb4cfc9836ea58563e2e4d82d73b335981
                        • Opcode Fuzzy Hash: e7bf25b20944edb58cf61114e9291a825d5e64437f781cc6c5e8c581805adbe6
                        • Instruction Fuzzy Hash: C811E034A04304CBCB38AA68C40966EF7A3EF41615F104CBEC66AD6681C735E646CF21
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • API String ID:
                        • Opcode ID: 64428fea11d8847d748a69c000dcc1e2de4196e25f33cb643f9aaf9c5aef09d9
                        • Instruction ID: 666930aa0d3ce84afdc8a0fca0467e43650a2408b86596335b81d04f043df05d
                        • Opcode Fuzzy Hash: 64428fea11d8847d748a69c000dcc1e2de4196e25f33cb643f9aaf9c5aef09d9
                        • Instruction Fuzzy Hash: BAE0EC363456146FC3149A4EEC88E46FBADEFC9671B55806AFA09C7361CA71AC01C6A4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db999ed26e5f44fc4ee82458fc62badda6897225bee0d6f721b5aa12b10638d6
                        • Instruction ID: e81cbe60cf41e244e0f65c1b690e98bd6fabd5d1e9b93e2d62bd816c7c37198a
                        • Opcode Fuzzy Hash: db999ed26e5f44fc4ee82458fc62badda6897225bee0d6f721b5aa12b10638d6
                        • Instruction Fuzzy Hash: 8FD05E2336893813DD1A3228A81B77CA5498B51911F080875A306FBB81DD989A1393E9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4938c5753d9024b8749b73c90caa071d6effaa0f2b1a0b86ba01be89fd475c5b
                        • Instruction ID: f08c0e8c5e2d5aed66fb7b559c786df9bd0a5c0b7d3c3f3de849ca515b9bdd6f
                        • Opcode Fuzzy Hash: 4938c5753d9024b8749b73c90caa071d6effaa0f2b1a0b86ba01be89fd475c5b
                        • Instruction Fuzzy Hash: 63E04F35260100CFC711E71DC488BE573E6EB4A354F298DB3F65AEB314C236E8428760
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7f62d108ca3853844fd767371c2e8d77d30be0eed66e7dc7a0f54de7a9d25a6a
                        • Instruction ID: 3c598c7b0f223e6b28b4017e90ad394f8598bbb861ebd31cb05d9696dca6b710
                        • Opcode Fuzzy Hash: 7f62d108ca3853844fd767371c2e8d77d30be0eed66e7dc7a0f54de7a9d25a6a
                        • Instruction Fuzzy Hash: 01E0CD37245218AF8B055B8D9C84C95FFD9EF49720704CC53F30D47132C5529C10EB55
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c9837f30ac573f68e055c34925492b2cdc1401629e1c4097d624b80a8e4e3756
                        • Instruction ID: f22bbe36d4102beb936599af54a677d3abd15f3dfc93cf9e07560514cfeaf1a0
                        • Opcode Fuzzy Hash: c9837f30ac573f68e055c34925492b2cdc1401629e1c4097d624b80a8e4e3756
                        • Instruction Fuzzy Hash: D5E02633120128AFCB147B1AE989BE0BB59F740320F4A8574E302C3140E7F8E8408BE5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fbc7e0889e60ddb7455f20d79f2e7306293c36fbfdf5b3306e346eafe5da425e
                        • Instruction ID: 31f5b5215fc021079d962226001c1ad7543fc8cad8ce56b640c8f3b513e4d135
                        • Opcode Fuzzy Hash: fbc7e0889e60ddb7455f20d79f2e7306293c36fbfdf5b3306e346eafe5da425e
                        • Instruction Fuzzy Hash: 45E04FB8D04208EBCB40EFA899482ECBBF4EB08301F5084E5A80493200E7700E40DB40
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c5353b3a426fa4f8341d28754966725543ecccc35c2097d3d644a29fed6787d2
                        • Instruction ID: 61f5a15e597d3b3f0d8d9868b446cc3cde0908ff7339da216ac3ed1c94992c06
                        • Opcode Fuzzy Hash: c5353b3a426fa4f8341d28754966725543ecccc35c2097d3d644a29fed6787d2
                        • Instruction Fuzzy Hash: DCD05E323541248FC3009BB8F849E92BBECEF48665B0540A6F20DCB261EA72E80087D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c9bcb9caab759fdf6c770b6d5ad868e07ac30efaadea2d6767ede14c26ddfc9
                        • Instruction ID: 42fcbe75a78395d0d3da663f87751410c759b24def0a208249bb32675dc95d58
                        • Opcode Fuzzy Hash: 4c9bcb9caab759fdf6c770b6d5ad868e07ac30efaadea2d6767ede14c26ddfc9
                        • Instruction Fuzzy Hash: E1D05E75B001194B860926AEB418A9EFAAFDFCC662B05403BF50AC3380DEA94C0687E5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ac74072b9c239918bda3c684ed830cc08505031150f4b588d606ab941e319104
                        • Instruction ID: 9a217657cfd834d101e8becf009c27d0cb1f51a4e4da56e110b4cc701da54055
                        • Opcode Fuzzy Hash: ac74072b9c239918bda3c684ed830cc08505031150f4b588d606ab941e319104
                        • Instruction Fuzzy Hash: 64C0123324D0242BA238104A7880EF2AB8CD3C23B4A2101B7FA2C8720198C28E8242A1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 21cce6e7f31345b99a74c36a653e413ed5fb47fb90cf4836a406224a2fc4b541
                        • Instruction ID: 9cef5cafe15ccb7aa7bdcfd56fe59da73cc8cbed5d8dc72224406e5e63d375d6
                        • Opcode Fuzzy Hash: 21cce6e7f31345b99a74c36a653e413ed5fb47fb90cf4836a406224a2fc4b541
                        • Instruction Fuzzy Hash: 9ED0A7627682901B925522AC381985A2AD6C6CB55130940AFE705D7386CC54EC1B4751
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bd808cfb161bc13c78c5a5c7fadfb6c4b5a852c24b32057c530de07d3f3aff04
                        • Instruction ID: c7cebf76349ce5f5be821d04ee8bbafc2304601b380241b21fde460cbb438b7f
                        • Opcode Fuzzy Hash: bd808cfb161bc13c78c5a5c7fadfb6c4b5a852c24b32057c530de07d3f3aff04
                        • Instruction Fuzzy Hash: 3AD01239F001188FDB18DBA5E8942ECB7B2FBC8312F108066D506D3245DF3458569B00
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d53ed4e2d7091d0cc91605f2609becfabc4c43dea68536f6c7154085c5221afd
                        • Instruction ID: e06ebfcf9fb86ad4f9b87d3e68900916b91c2349fcf463e06997137ec2487257
                        • Opcode Fuzzy Hash: d53ed4e2d7091d0cc91605f2609becfabc4c43dea68536f6c7154085c5221afd
                        • Instruction Fuzzy Hash: E4D0C2B0A0020CEFCB00DFA4E9005AC77B6EB44240B004498E80D93300EB312F00A790
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f6b4dc50d85b2b0798efad0707eb2434ef7fb278dbffa158de166aba728bf497
                        • Instruction ID: d06fb870c59e0141c73178e96d7d12289f0353f13916a0ac98add1cddf20311c
                        • Opcode Fuzzy Hash: f6b4dc50d85b2b0798efad0707eb2434ef7fb278dbffa158de166aba728bf497
                        • Instruction Fuzzy Hash: 10E0ECF071030ACBC3246F71F54866A376AFF4169234204A8E80682698DB7AEC50CA26
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 438c02474332eed280c0fce3d7dc72fb76fe37db35529aa60441dbd8ac7c6b8d
                        • Instruction ID: f959450a1ad6f788e0f518870b2cc54ea7f4a295d8cdcdaddd89750f5aeeec76
                        • Opcode Fuzzy Hash: 438c02474332eed280c0fce3d7dc72fb76fe37db35529aa60441dbd8ac7c6b8d
                        • Instruction Fuzzy Hash: B8D01223319935134D1A725CA82E67CB5494F85D51F04087AE60AFB7D1DE9C4E1293EE
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 24c05244b1eb15813628da5e668fd9eac3902f16672d43ff0cc3e3d9cb9a9da7
                        • Instruction ID: 60384f0ba7d422526cc0e746520dd0b5106179944f1139361c8a74999d3ec389
                        • Opcode Fuzzy Hash: 24c05244b1eb15813628da5e668fd9eac3902f16672d43ff0cc3e3d9cb9a9da7
                        • Instruction Fuzzy Hash: 2AC012700047198AC601F775F84999937AAEBC1302B60C920B00E0616EDEBC59854F91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: edb99a8f756975c5384709094f243133af22b025c22b524708e9b2ed11e9f591
                        • Instruction ID: 288fc63e043c67b94b825abe4deb06b5a89ca289f3e497953136ea5519354de9
                        • Opcode Fuzzy Hash: edb99a8f756975c5384709094f243133af22b025c22b524708e9b2ed11e9f591
                        • Instruction Fuzzy Hash: 3DC012700046198AC601FB70F4495993766EBC1302B60C920B00E0A16EDEBC49864F81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214320633.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_77b0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fe2c68e01674339b09a7fdfc2012a0220694421879b6f83d50edca26523a32aa
                        • Instruction ID: aefab8cf5d57ee4df4e121970f9f8fb644103825d62d64fbba0ee92a9f9d3249
                        • Opcode Fuzzy Hash: fe2c68e01674339b09a7fdfc2012a0220694421879b6f83d50edca26523a32aa
                        • Instruction Fuzzy Hash: EFC04C9644D7C10ED307466858504C67F29A99353130D43E7D190DE5E3D51455968376
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f24cd8b76dc0285f616d891fd1172dc1fadcde5dfb7192d83d34b5b232d72c4b
                        • Instruction ID: ae4a543dc0f5136fe75e9bc1d43dd8e47dfb35dc453b55740947d29182d35968
                        • Opcode Fuzzy Hash: f24cd8b76dc0285f616d891fd1172dc1fadcde5dfb7192d83d34b5b232d72c4b
                        • Instruction Fuzzy Hash: A3537FB0E15218CBC754FF79D89969DBBB1BF48204F4084E9D48CA7350EE385E89CB96
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2214515604.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7920000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q$PH^q
                        • API String ID: 0-1598597984
                        • Opcode ID: ef8538ddf134bff88b0f093cb1187072c1dd5ae47a76df8c20ea93788d53cc29
                        • Instruction ID: 13abf25a0110a556fed6e067763f937b47f49730831c963bfe6095d34bf95f9b
                        • Opcode Fuzzy Hash: ef8538ddf134bff88b0f093cb1187072c1dd5ae47a76df8c20ea93788d53cc29
                        • Instruction Fuzzy Hash: 1DD1E4B4B00615CFDB04EF69C598AA9B7F5BF8D305F2580A8E409AB365CB31AD41CF60
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: Xbq
                        • API String ID: 0-63242295
                        • Opcode ID: 49e7d58d7218c12e72756faedd59e892230415fb367b935cec37bd2d777f85be
                        • Instruction ID: 80c46e37b8f52c8e12b094bfb2542faaec271225f3ee475fc911118c826e0875
                        • Opcode Fuzzy Hash: 49e7d58d7218c12e72756faedd59e892230415fb367b935cec37bd2d777f85be
                        • Instruction Fuzzy Hash: 33B18934B00115CBDB285F39C4892FE76E6EFC4B01F688C99D8669B3A4CE78CC459B55
                        Memory Dump Source
                        • Source File: 00000000.00000002.2211198263.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5cd0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2b7b89f047344dd63965c85727be83c2a1b41cff558578b7c12343692bcfa042
                        • Instruction ID: c79f7b662a7bf89f3e67dbfe90979e4bb8a7e50dc695b7b8f4cd58ea804c45ae
                        • Opcode Fuzzy Hash: 2b7b89f047344dd63965c85727be83c2a1b41cff558578b7c12343692bcfa042
                        • Instruction Fuzzy Hash: 37A1BFB0B102549BDB58ABBC841477F66EBEFC8351F948578914EDB384CE389D4387A2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d03717d5bd6de6bd766430202d9f10049b2e645456dc635a746bb7cc02846ba6
                        • Instruction ID: 4fe6b3d8875c76aad34080b0a804f7bd453ef87ab4fc450434afe15b5490ed62
                        • Opcode Fuzzy Hash: d03717d5bd6de6bd766430202d9f10049b2e645456dc635a746bb7cc02846ba6
                        • Instruction Fuzzy Hash: 94D1D931D1075ACACB11EBA4D994AD9B7B1EFD6300F50CB9AE0093B215EB706AC5CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2212058266.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6f50000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3f10da5f9e7f6d34bbb761e41e06b4d9e8bae74e725d1d29f5f1a04cf0d6433
                        • Instruction ID: c37318b6caadf4ad152a463fb88d5da9c055b9ed246c2eb121a7b95641b14649
                        • Opcode Fuzzy Hash: a3f10da5f9e7f6d34bbb761e41e06b4d9e8bae74e725d1d29f5f1a04cf0d6433
                        • Instruction Fuzzy Hash: E0D1D931D1075ACACB11EBA4D994ADDB7B1EFD5300F50CB9AE0093B215EB706AC5CB91
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q$Hbq$$^q$$^q
                        • API String ID: 0-3400431855
                        • Opcode ID: aabff4e53d449f5275b2751adf3572394171c10c713d8b13c7f0616709806ede
                        • Instruction ID: 07221cef45b1b487b80924c6719e8faa6023aab02fdca26ff985a707fb1464eb
                        • Opcode Fuzzy Hash: aabff4e53d449f5275b2751adf3572394171c10c713d8b13c7f0616709806ede
                        • Instruction Fuzzy Hash: B751B1357002144BDB296B3994A8ABE26D7EFC474232848A9D547CB3A1DFF9CC02D791
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2191858821.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_bb0000_PO#36538_orden_Indirect_Buyer_Procurement_Americas_mexicos_24.jbxd
                        Similarity
                        • API ID:
                        • String ID: \;^q$\;^q$\;^q$\;^q
                        • API String ID: 0-3001612457
                        • Opcode ID: 68ddf6da86f3239e0df993fafbe28027ddf009f29476b4ccecd0fae3d4526196
                        • Instruction ID: 91f2dbf6bfa2b6eb061fddfe5e4e8fb8827a81cb710dca6840e45db6481d5270
                        • Opcode Fuzzy Hash: 68ddf6da86f3239e0df993fafbe28027ddf009f29476b4ccecd0fae3d4526196
                        • Instruction Fuzzy Hash: B9017131F101149F8B648E2DC4989B677EBEF88B6172585BAE446CB3B0DEF0DC418752

                        Execution Graph

                        Execution Coverage:13%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:22
                        Total number of Limit Nodes:0
                        execution_graph 49194 8284018 49195 828404a 49194->49195 49199 828ae40 49195->49199 49203 828ae50 49195->49203 49196 82896e9 49200 828ae47 49199->49200 49207 828b0e0 49200->49207 49201 828af39 49201->49196 49204 828ae81 49203->49204 49206 828b0e0 DeleteFileW 49204->49206 49205 828af39 49205->49196 49206->49205 49208 828b0f4 49207->49208 49212 828b800 49208->49212 49216 828b810 49208->49216 49209 828b3eb 49209->49201 49213 828b833 49212->49213 49220 828295c 49213->49220 49217 828b833 49216->49217 49218 828295c DeleteFileW 49217->49218 49219 828bbcc 49218->49219 49219->49209 49221 828bcb0 DeleteFileW 49220->49221 49223 828bbcc 49221->49223 49223->49209

                        Control-flow Graph

                        • Executed
                        • Not Executed

                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                        • API String ID: 0-1677660839
                        • Opcode ID: c44f7c01c841d08404943ce1da601630de9515fa2abe99a3c40264390d033203
                        • Instruction ID: d9a06e4447d7e0654f1f07652cdcc6b4d1cae2a980a015ef27f533bd6a28614d
                        • Opcode Fuzzy Hash: c44f7c01c841d08404943ce1da601630de9515fa2abe99a3c40264390d033203
                        • Instruction Fuzzy Hash: FFC17974B142258FCB14EB79C5549AEBBF2FF89210B6444A8D946EB390DE39DC42CB60

                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq
                        • API String ID: 0-4258043069
                        • Opcode ID: 5a34d23c9f33255dd98bd4ba392da79ad6e1b4411ca82a115372e355ae14a2dd
                        • Instruction ID: 29fbbcec8293fa7325a17c52ad58a09e959634a5ed30da91802babab8b11946f
                        • Opcode Fuzzy Hash: 5a34d23c9f33255dd98bd4ba392da79ad6e1b4411ca82a115372e355ae14a2dd
                        • Instruction Fuzzy Hash: F8D1E670B112158BCB04FBB9D89926EBBB6FFC8604F404569D449E7390DE389C09C7A7

                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q$PH^q
                        • API String ID: 0-1598597984
                        • Opcode ID: db3676f54d0d2527964d4996267c8988ae33a791e38f99af321bc897d38bf4a0
                        • Instruction ID: 42bf13327f8ea2fe17368d24abb7155467e88896ea4d1958b06e0a67ea3dc788
                        • Opcode Fuzzy Hash: db3676f54d0d2527964d4996267c8988ae33a791e38f99af321bc897d38bf4a0
                        • Instruction Fuzzy Hash: 7CC1E674B40215CFCB58DF68D594AADBBF2FF88712B1545A8E406AB3A1DB31EC41CB90

                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$Hbq
                        • API String ID: 0-4081012451
                        • Opcode ID: 52d5983c8df2d436ff1f55d558cdc8a7d71f8b52ec1176c3f63cbcc93a33f47f
                        • Instruction ID: 39dc4fb949be7e7c28bc6a70b7f378c6e99133636ffe1d028da33b549e081fa0
                        • Opcode Fuzzy Hash: 52d5983c8df2d436ff1f55d558cdc8a7d71f8b52ec1176c3f63cbcc93a33f47f
                        • Instruction Fuzzy Hash: 94510135A046509FCB559F68D0546E9BBE2FFC4311B1884BAD44ACB745CF35AC42CBE1

                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq
                        • API String ID: 0-4258043069
                        • Opcode ID: 022bc545bf61801e5b47283e031b15756c98dfb8e6191c2e0f3204a42d7b6eef
                        • Instruction ID: ed7853e514fddc93032886bfac97be04b4ab3b03158420801f8f1abef4c6b723
                        • Opcode Fuzzy Hash: 022bc545bf61801e5b47283e031b15756c98dfb8e6191c2e0f3204a42d7b6eef
                        • Instruction Fuzzy Hash: 0D41D374F002554FCF45ABB988545BE7BF7BFC9210B14446AD50AEB395DF388D0287A2
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te^q
                        • API String ID: 0-671973202
                        • Opcode ID: bc8a99ae889066d85d5ef0e9f4d5e296a5a8acce318263ebed37c3084ebbde8b
                        • Instruction ID: 52a97ea40e28833f6c7f2e53168645d36b2614e37f550b4c0d427a96a3818e8b
                        • Opcode Fuzzy Hash: bc8a99ae889066d85d5ef0e9f4d5e296a5a8acce318263ebed37c3084ebbde8b
                        • Instruction Fuzzy Hash: 1652BE70A112258BDB44EF79DC9476DBBB2FF88604F4085A9D08DE7350DE389D89CB92
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq
                        • API String ID: 0-1245868
                        • Opcode ID: 1eb7169a0ecddf0236922618defa9816312b5526e8c902ab8d936b0bc131cc1b
                        • Instruction ID: e6e73635c434fbc92b14b8cd93e23cbe0fae08ddaa175e63a6c5db6396d1db26
                        • Opcode Fuzzy Hash: 1eb7169a0ecddf0236922618defa9816312b5526e8c902ab8d936b0bc131cc1b
                        • Instruction Fuzzy Hash: DC4113367042109FCB055B78985467F7AA7EFC5722B158439E946CB398DF38CC4283E6
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH^q
                        • API String ID: 0-2549759414
                        • Opcode ID: 6b98447a34ff68b1800ef44720bd7f556bae3d39f72443e2ad3dcfad7ce95b38
                        • Instruction ID: 0d594173b6ef68cd5e7af3521a10d1c6c82066bf721af962d59f6781473b70a4
                        • Opcode Fuzzy Hash: 6b98447a34ff68b1800ef44720bd7f556bae3d39f72443e2ad3dcfad7ce95b38
                        • Instruction Fuzzy Hash: 2C510534A40214CFCB18DF28D598A99BBF1BF48726B1585A8E406EB3A1DB31EC41CF90
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: f8824c19eeb7adc061441881a523de14688f16174c3b513340a1a78d610ed550
                        • Instruction ID: 26da86048a788f2c403a9f40559fdfca5a17d00862788499a6f0bcf89f2ddd1f
                        • Opcode Fuzzy Hash: f8824c19eeb7adc061441881a523de14688f16174c3b513340a1a78d610ed550
                        • Instruction Fuzzy Hash: DD416F303006108FCB64DB38D458B5A77E2BF85726F15856DE15ACB2A1DF74A88BCB50
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: 930c1813b931849018f6a53235211772c0ddafd17b031e71577d74adb52b4d9b
                        • Instruction ID: 0b9b8ac24441b403730567df981a913479a581990f2cbe8060e09cc514be6449
                        • Opcode Fuzzy Hash: 930c1813b931849018f6a53235211772c0ddafd17b031e71577d74adb52b4d9b
                        • Instruction Fuzzy Hash: 4E31CF71E0074A8FCB00DFBDD8504EEFBB0EF89220B10826BD509E7251EB309985CB91
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: cc150156e358c52b255f4e44119bfb0f8a09cb8ff366f7d34c8a1d97734b747d
                        • Instruction ID: 10ff6be13a85bfb400fd4134ce8cf4c85b987d4868a972c55ffd42b9a98defad
                        • Opcode Fuzzy Hash: cc150156e358c52b255f4e44119bfb0f8a09cb8ff366f7d34c8a1d97734b747d
                        • Instruction Fuzzy Hash: 403122B4D01259DFCB24DFA9C488B9EBFF5EF89314F20846AE445AB240C7746985CF61
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: dec96c59a590377cc11e4b09c3dbbdcf14efada7acae0dce6871d77bf8221e77
                        • Instruction ID: 22d8d5fb934e0465399a2266c484e3d8585a84c856566cdc5e00441f75593794
                        • Opcode Fuzzy Hash: dec96c59a590377cc11e4b09c3dbbdcf14efada7acae0dce6871d77bf8221e77
                        • Instruction Fuzzy Hash: F311E9B49193998FDB059B78C4197AE7FB19FD6620F64159AC0039F2C1CA380D45C752
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: df5097edcf5a8fdcd0806a585f63b5c43146954cd0578e8c637945db8bfaaaf7
                        • Instruction ID: 9ac6ce009d4d2f88ee3655ef714d19eb95e1d679e343d021ee618f783a9c1b91
                        • Opcode Fuzzy Hash: df5097edcf5a8fdcd0806a585f63b5c43146954cd0578e8c637945db8bfaaaf7
                        • Instruction Fuzzy Hash: 536243B0E00B828BDF74DF78D4587ADBAA1EF55302F50493EC5AACB680DB349481DB56
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6f0a95e27e8a86c2c7a5ce9ef9f124fa8c8478790c4eb4e09215b7775edb8513
                        • Instruction ID: 7c7d6111a7f0991154a0ad23002f4d2d89be899ba90ac6a1c18a39a30465cc51
                        • Opcode Fuzzy Hash: 6f0a95e27e8a86c2c7a5ce9ef9f124fa8c8478790c4eb4e09215b7775edb8513
                        • Instruction Fuzzy Hash: 7A227DF0901BC24ADF78DF68949479EB690EF15302F60492FC6FACA694C7349086EB57
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c9f95fe64abf48d317e1086517835980e74dd6bc4d4bc6846fd17af2e6d8e3b2
                        • Instruction ID: 5eb3cdcb87d1dd7abb72fcf0c04c55b5d241585d67e2db8aeab951827d54d85d
                        • Opcode Fuzzy Hash: c9f95fe64abf48d317e1086517835980e74dd6bc4d4bc6846fd17af2e6d8e3b2
                        • Instruction Fuzzy Hash: AD021734601214DFCB44DF68D498AADBBF2BF89312F5585B8E4099B366DB31EC86CB50
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce87c2648eecbd6eeae6d2ed7ee3885271ef8bae339b6cece1a31ceb99aab67a
                        • Instruction ID: c8bd8ff67aaa57b2407b2b8e79a63761cef679f8a5acc6b5ff7ed7d2827579be
                        • Opcode Fuzzy Hash: ce87c2648eecbd6eeae6d2ed7ee3885271ef8bae339b6cece1a31ceb99aab67a
                        • Instruction Fuzzy Hash: B381F0787206108FCB04EB68D4989A97BF6FF89605B1541A9E906CB372DB75EC41CB80
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 545b96158e059811d9dfdaed57ecace6a1ae6738132d8e17ad3731f0fb8864da
                        • Instruction ID: 5f9639fdc487259c2f8a0fddff219f28cddb514602be533d2f89ed210fc7666f
                        • Opcode Fuzzy Hash: 545b96158e059811d9dfdaed57ecace6a1ae6738132d8e17ad3731f0fb8864da
                        • Instruction Fuzzy Hash: FB717E71E046198FCB14EFA9C4586ADBFB6FF88305F108569E816A7350EF38E945CB90
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 08d51648606d7d09d0c874ebacfe26027750e9c664b8fb74e8db16ead3c9a510
                        • Instruction ID: b23cfd4a9d0a72262ffef471b8ae0b614bb7b89f397b97e0387387a400aa5e51
                        • Opcode Fuzzy Hash: 08d51648606d7d09d0c874ebacfe26027750e9c664b8fb74e8db16ead3c9a510
                        • Instruction Fuzzy Hash: 025156B5E002599FCB14DFA9C848AAFBFF6EF84300F10852AD555E7250DB749901CB91
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 04bca6133c6bd2a48a8e02d0d6e80196d6a80b9cd5ad903211211705a26ddd4b
                        • Instruction ID: 15a8bdb81484654bb28bcd0da7b03e8afacba303102ba2f58cec9ef1555ceb8c
                        • Opcode Fuzzy Hash: 04bca6133c6bd2a48a8e02d0d6e80196d6a80b9cd5ad903211211705a26ddd4b
                        • Instruction Fuzzy Hash: A451ECB1E0538A8FCF10DFA8E844AEEFBF4AB89324F10456AD405AB241D7386905CB61
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d0298158b30c512d5bfa95fa014f79d607fcf9333f1eaa96ec22930406df3e41
                        • Instruction ID: 0e00e2b91715ea7a0a4268152f33b16542c9de2759cf3cf6068dbcfc1412da61
                        • Opcode Fuzzy Hash: d0298158b30c512d5bfa95fa014f79d607fcf9333f1eaa96ec22930406df3e41
                        • Instruction Fuzzy Hash: B141B2B0E02328EFCB14DFA4E9445ADBFB2FF85315F2185AAE441A7651CB389856CF50
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15bda9ee137a9e58d740ebaa213315ede6da8ba5b62db0c335fba803dbc66038
                        • Instruction ID: a3ac052251b7363d9aeee16254827ca9225aaa27678f3f9ab964d58e8bf86f3d
                        • Opcode Fuzzy Hash: 15bda9ee137a9e58d740ebaa213315ede6da8ba5b62db0c335fba803dbc66038
                        • Instruction Fuzzy Hash: CB51A1759043598FCF00CFA9D8846AFBBF6FF45711F14886AE808E7241D7349944CBA5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 718bc231658be68954ff13b5e1dd06165ba2e3df99ca959d7fddb8f65aebee51
                        • Instruction ID: a8b613df534e69b21ae7409e27c9a4f6c07ba2c9f65094c101751c2b905c46a5
                        • Opcode Fuzzy Hash: 718bc231658be68954ff13b5e1dd06165ba2e3df99ca959d7fddb8f65aebee51
                        • Instruction Fuzzy Hash: E541B3306187558FCB25DB78C41422EBBE3AF86222B1885BDD09ACB6D1DB35D842CB51
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f5f4b81223d552f125e0908fafdef2a62498f5f88b8bcd2e3243f11d5ad8ab8f
                        • Instruction ID: 2dce8c72c2005c86a8d9eb324f24d2997662b8750c6089f356a17954f1e8b0cb
                        • Opcode Fuzzy Hash: f5f4b81223d552f125e0908fafdef2a62498f5f88b8bcd2e3243f11d5ad8ab8f
                        • Instruction Fuzzy Hash: BB4160B5E00628CBDF15EFB5C4546EDBEB2EB88294F145479D402BB280DB388985CB96
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7504245491a6e9bce2a7c35d220dca260b784e821fba3ce1ecf7e34ff99efae0
                        • Instruction ID: 5f79b37b7241a3cb68895665fd7e9bc1db49d29007d6622bfacb70f6985ff55d
                        • Opcode Fuzzy Hash: 7504245491a6e9bce2a7c35d220dca260b784e821fba3ce1ecf7e34ff99efae0
                        • Instruction Fuzzy Hash: 8641D474B042288FDB54DBA8C858BDDB7B1FF88715F114069E905EB3A1DB79A801CB60
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e0a5e34dd12900936cf77ad09c3b8b54eb9169d99504f11235f2ef4579284cd
                        • Instruction ID: 987d28d466ee8d74fc10dc3e51b2067b847cdf0b0b3952a363ae059905f9d351
                        • Opcode Fuzzy Hash: 2e0a5e34dd12900936cf77ad09c3b8b54eb9169d99504f11235f2ef4579284cd
                        • Instruction Fuzzy Hash: 8E21FC71E0020A9FCB04DFADC8448AFFBF9FF98200B10C55AE519E7210E770A952CB90
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 33726d99016bc1691a5c88b8cd00d531f4311c761b3014597d5a54f415e867f3
                        • Instruction ID: 9147e619c0ff31d13b2df2ae0885a581048a4390e8c4a1c3a0d0b780ffc14565
                        • Opcode Fuzzy Hash: 33726d99016bc1691a5c88b8cd00d531f4311c761b3014597d5a54f415e867f3
                        • Instruction Fuzzy Hash: 3211C430915312CFCF3AAB2480041BDBBB3EF42212B14C4BEC49AC6690D735D481CF61
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b86100f6be486044ed6b720270929d6c9085c45f54fea1737e9cd40f1c461bed
                        • Instruction ID: dfb820aed0264a8b46ccdbb52ec95630e088cc7df4583ec53c596cc41dde9109
                        • Opcode Fuzzy Hash: b86100f6be486044ed6b720270929d6c9085c45f54fea1737e9cd40f1c461bed
                        • Instruction Fuzzy Hash: 1601247AB127265B4B16EA395C504BFBBEBEFC60203064629D008D73C4DE309C028361
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d4a04f1b9ad06ebd73189a473807ad9eb4d876657e947611d04af4a33814d78
                        • Instruction ID: 06953c6dd02385d8d04d9cffbadc61cee166c5fb45a555740dbac14661be63bd
                        • Opcode Fuzzy Hash: 1d4a04f1b9ad06ebd73189a473807ad9eb4d876657e947611d04af4a33814d78
                        • Instruction Fuzzy Hash: F7114C74B006008FCB14DF39D89096EBBF2BF88215B2085B9D4258B3A5CB71E846CB51
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2901329680.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_171d000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                        • Instruction ID: a568952ea9b64bebe4f6b37dbfa67e30575520186785f2d4c215293cf029deae
                        • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                        • Instruction Fuzzy Hash: 4611A276504280CFDB16CF58D9C4B16FF72FB88324F24C5A9D9094B25AC336D456CB91
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ee0bf501bea219fcd15a9bc5a045cfb4b891aeabfefb57e032cc13a66ab4837d
                        • Instruction ID: cd92109d84bd797ba94e7678f5ad98a807899fd504ba1a49cfd03b80452a5267
                        • Opcode Fuzzy Hash: ee0bf501bea219fcd15a9bc5a045cfb4b891aeabfefb57e032cc13a66ab4837d
                        • Instruction Fuzzy Hash: F211DB75B186104BE328EB38D45575F77EBFB88711F104529E186C7788DBB5B805C790
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e938aa66c56bf888fa3d2c811027eca782ee349d589a736816519de49d030faa
                        • Instruction ID: 00ea62228d34b1e0852cba5e8183d5bd3dddaba06b50db9940251944b1ec02c8
                        • Opcode Fuzzy Hash: e938aa66c56bf888fa3d2c811027eca782ee349d589a736816519de49d030faa
                        • Instruction Fuzzy Hash: A301DE71B081281BCB48EB7D940426FBFE7EFD9664F148478950E9B388DE3989438391
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6ded8eff8b17c4fea82c4cc578a541abe5459355e1b8bab95fddf9444658e099
                        • Instruction ID: d63c631695d98aa5dee5389ca19d66adb8fa1e906876752bdecf78352025bddf
                        • Opcode Fuzzy Hash: 6ded8eff8b17c4fea82c4cc578a541abe5459355e1b8bab95fddf9444658e099
                        • Instruction Fuzzy Hash: 9C11D675B186204BE328EA38D45576B77EBFB88710F104429E186C7788DBB5B845C790
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5443164d509ed3256e38909c09596b293bb3a0f187240a23612f71b010fce5de
                        • Instruction ID: c7d36698e25a1d196d75ec08e4d005bf36c435a88cfa3eaa6c25dcbf1bee2262
                        • Opcode Fuzzy Hash: 5443164d509ed3256e38909c09596b293bb3a0f187240a23612f71b010fce5de
                        • Instruction Fuzzy Hash: 491191B1700659AFCF15CF68C884AAEBBF5FF48210F14842EE968D7251DB30D910CBA0
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 414bc2ff22d3e380594ffef12b69d152198d9bec05ae27239214f8c2289b3f83
                        • Instruction ID: 6814ff2f8dad3135eccb654b0ef2bc7dc31f37cd3f7709985313a051ad72c874
                        • Opcode Fuzzy Hash: 414bc2ff22d3e380594ffef12b69d152198d9bec05ae27239214f8c2289b3f83
                        • Instruction Fuzzy Hash: 70012671B083646BC709D6BC9C149FE7FEF9F86220B0488AAE40CC7282DD758C4283E5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2901399715.000000000172D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0172D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_172d000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                        • Instruction ID: 33959fd219b11bbb09ad62f408f4e4fbbc51384fe9a0da89451e6acd5d868c10
                        • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                        • Instruction Fuzzy Hash: 0211BE75504280CFDB22CF54D5C4B15FB62FB44314F24C6A9D8494B666C33AD40BCB61
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2901399715.000000000172D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0172D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_172d000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                        • Instruction ID: 3244b5849591c5c372f21bfd95d2cb0b3705a7ad1cf23ff2ed5a626335ac3798
                        • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                        • Instruction Fuzzy Hash: ED11BB75908280DFDB12CF54C5C4B15FBB2FB85224F24C6ADD8498B296C33AD40ACB61
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a21467e38820e358bd060cdcd00d7f89b4a8253dfce0c70b53ce562280c2233a
                        • Instruction ID: c8fc8c4f5b8ea7140bd980673766ff31787169bdd9936a066f9b9503d05d789d
                        • Opcode Fuzzy Hash: a21467e38820e358bd060cdcd00d7f89b4a8253dfce0c70b53ce562280c2233a
                        • Instruction Fuzzy Hash: 441104B5C007489FCB10DF9AD448B9EFBF5EB48320F14851AD859A7310D378A945CFA1
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d5f79d6a77ee78e18a94247634cd28788c0fdb74700fdeefc91987bb8ac8d983
                        • Instruction ID: ecf16c0805dac695b1430828aeb516e652447ba0abdd013e18d29b89b6b5e6b4
                        • Opcode Fuzzy Hash: d5f79d6a77ee78e18a94247634cd28788c0fdb74700fdeefc91987bb8ac8d983
                        • Instruction Fuzzy Hash: 28018F39B101014F8A49AB6D945457E37DBEFC966271A007AD90ACB3A0EF34DC0287A2
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 62d9e18acf5e4c778011335e1bf19b795c990ff27d934b2bf7cd706cfaa7d9d2
                        • Instruction ID: ba6f1d7b033f9f36f5cba37b566448edcbc521d463c9225eb473b2b7303617ae
                        • Opcode Fuzzy Hash: 62d9e18acf5e4c778011335e1bf19b795c990ff27d934b2bf7cd706cfaa7d9d2
                        • Instruction Fuzzy Hash: 87115BB1A00619AFCF15DF69C884AAEBBF5FF48610F008429EA28D7250DB34D910CBA0
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8077ae386014b7a01cd5e059977573ef0fc7d185f82b3a99f9043c294fe760d
                        • Instruction ID: 4aa641497652477e26602cd4d059188feaeae73da4f38c8cfb6ded5fbab8df51
                        • Opcode Fuzzy Hash: d8077ae386014b7a01cd5e059977573ef0fc7d185f82b3a99f9043c294fe760d
                        • Instruction Fuzzy Hash: A81102B5C002489FCB10DFAAD844B9EFBF5EB88320F14852AD459A3310D379A945CFA1
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 65e2c76a0c6f989d3306e3f548f1e8557c0aff932e564df282397f31c19ee450
                        • Instruction ID: 9daf6b8622b899d7a54040ef1ae70e040fb497b92a91d209dae5a509a55b7a1f
                        • Opcode Fuzzy Hash: 65e2c76a0c6f989d3306e3f548f1e8557c0aff932e564df282397f31c19ee450
                        • Instruction Fuzzy Hash: 05118EB5E00729CBDB14DFB5C4547AD7AB2FB88395F104869C402BB280DB7C4945CBA1
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919928941.0000000007E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E70000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_7e70000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f184cdba0d06e9db720412c1ede5144bc1589b1be4f05e9231ccf795c9afec65
                        • Instruction ID: c9ff8e1beabbdad5667bd6adca7cb2b8b688e1a404686f73d488c83cb9145be5
                        • Opcode Fuzzy Hash: f184cdba0d06e9db720412c1ede5144bc1589b1be4f05e9231ccf795c9afec65
                        • Instruction Fuzzy Hash: 4A11C571D0070A8FCB10EFA9C8409EEFBF4EF49314B11966AD958B7211E730EA95CB91
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b489368cfcc53a00908deb41e05a426a4c3672f23e1daad7540d21b56d61e3b5
                        • Instruction ID: f813cb5a476fc8ae996c39783d8d9b8e768348fcee1a22de6d13ffa4595a76e9
                        • Opcode Fuzzy Hash: b489368cfcc53a00908deb41e05a426a4c3672f23e1daad7540d21b56d61e3b5
                        • Instruction Fuzzy Hash: 571103B58003488FCB20DF9AD445BDEFBF8EB48320F20841AE519A7240C779A945CFA5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8a79d1e51a4b2a3159265e3d854454f5900b52f79fba38ccd00900b414684581
                        • Instruction ID: 5a05714617ef9cc17026d8dce78978c805ac6b7cb3faac54262c4c6c18ab0896
                        • Opcode Fuzzy Hash: 8a79d1e51a4b2a3159265e3d854454f5900b52f79fba38ccd00900b414684581
                        • Instruction Fuzzy Hash: 850184B5B153208FC715EA25C80197AB7B6BFC1321B94C56DD40A87354CF79DC06CB90
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0154c0f19437974cf1178fc7e33b306b30f1874ad073bad0c514d0bc919f6f54
                        • Instruction ID: cc0b203797d36327acf6d9edb986beb5068e5a9b40119b6411fc3a2236b9e156
                        • Opcode Fuzzy Hash: 0154c0f19437974cf1178fc7e33b306b30f1874ad073bad0c514d0bc919f6f54
                        • Instruction Fuzzy Hash: EA1103B59003488FCB20DF9AD448BAEFBF8EB48320F20841AD559A7340C379A945CFA5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a458bbe9708e6da49a0e1aa0b4b5ec44fed4c36c64bdd67c3c711adefbe9bfd5
                        • Instruction ID: ba96b9492d53d943239b99a83e251b57e2a233af485ffea642fd0003ddaeba42
                        • Opcode Fuzzy Hash: a458bbe9708e6da49a0e1aa0b4b5ec44fed4c36c64bdd67c3c711adefbe9bfd5
                        • Instruction Fuzzy Hash: 961103B59003589FCB20DF9AD448BAEFBF8EB48320F20841AD559A7340C379A945CFA5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: febef534d3cb58c882fe4d7a3fbb17ebad922bea00e1d8c88e5178a63ec70e17
                        • Instruction ID: 93f2b6c1eb6d823c066ba8bc1f2210e43b6d42075960a2166364f22014379d6a
                        • Opcode Fuzzy Hash: febef534d3cb58c882fe4d7a3fbb17ebad922bea00e1d8c88e5178a63ec70e17
                        • Instruction Fuzzy Hash: 6C01F536304250CFCB259F78D540869BBB1AF4621270505BEE049CB361DB31D941CB60
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b2a6ea3199ac1cab4e4403be33120b8c72ab12643b9912f32a6405ca18d26137
                        • Instruction ID: 90d76cee9a13ecb3919c12813f12c44c052cf34ff235dea5a1d7eaf33a8716c0
                        • Opcode Fuzzy Hash: b2a6ea3199ac1cab4e4403be33120b8c72ab12643b9912f32a6405ca18d26137
                        • Instruction Fuzzy Hash: 44019A70614210CFC714CB68D405D6AB7FAEFC5321B24C5AAE40ACB365DB76EC028B91
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: baf71ecf9faf8018341398b17bd69426f6f6eaab5a2851e221a3300dac2945c1
                        • Instruction ID: fb9f4e9016a767d401aecbd22feadaf11985ffa6988816eb79e20707072b5cfe
                        • Opcode Fuzzy Hash: baf71ecf9faf8018341398b17bd69426f6f6eaab5a2851e221a3300dac2945c1
                        • Instruction Fuzzy Hash: 4701B1212957819FCB1ADB38C5107667BA1AF82612B0904EFD1C5CB252DF355C15E7E1
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1b5169432f31aee9b2218a197f8706feeb8fa2b922b4b0135b71e714ce73f44b
                        • Instruction ID: feaf12bddbb570accc34b19837c933fb9c82c854426e04d2deb31d8d3adf4735
                        • Opcode Fuzzy Hash: 1b5169432f31aee9b2218a197f8706feeb8fa2b922b4b0135b71e714ce73f44b
                        • Instruction Fuzzy Hash: 210167B4B142244FC718A62AC81592B77E6BFC5721794C46DD40A87354DF75DC468B90
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 71add62553345cbaac20eaf2f5db258ce405ce870bd7b5d0a69171bb6281f41c
                        • Instruction ID: 40a753a31e0a95f1b430a62e77f12310bba59f0224a66dc42327a1b836553672
                        • Opcode Fuzzy Hash: 71add62553345cbaac20eaf2f5db258ce405ce870bd7b5d0a69171bb6281f41c
                        • Instruction Fuzzy Hash: 3901A471B093945FCB16DFBD8C1889E7FEA9F82114B1588BED145D7282E9348846C791
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ba4aa44326efa0f762546c69cac4f6f23b6ad60885f7b5d7e699b72b87a6320f
                        • Instruction ID: 7224b2d7dd45c287c9734b82c4725349acf101669d586d92ba8523af0bb73409
                        • Opcode Fuzzy Hash: ba4aa44326efa0f762546c69cac4f6f23b6ad60885f7b5d7e699b72b87a6320f
                        • Instruction Fuzzy Hash: AB01D6B5B00165AFCF06ABF49C515BEBFB6AF84110B140069E544E7241DA380E16C7D5
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2919961317.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_8110000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 581f5503faa59d76ced42911024a0b44de15e5c6bbf93454aac7a6ec20d9b23b
                        • Instruction ID: 75ec1a87d79a23d13382693a5f82a71eb2d9eeab7c593e31c1bec693293d70fe
                        • Opcode Fuzzy Hash: 581f5503faa59d76ced42911024a0b44de15e5c6bbf93454aac7a6ec20d9b23b
                        • Instruction Fuzzy Hash: F2F062303151218B8B18DA7A985493E7BD9AF85E5370A407DE416C7364DF25DC428770
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b628a3a9819eff6c543e48994059cacaa3f59321354c98d298c5c5ee22c5c614
                        • Instruction ID: 5fc61f35f6fd8008c29b07592fab2cbfd419647c4b01f094a571a1210e1ca0ae
                        • Opcode Fuzzy Hash: b628a3a9819eff6c543e48994059cacaa3f59321354c98d298c5c5ee22c5c614
                        • Instruction Fuzzy Hash: 3D012D727047245FDB22CF24C8C0AB97BEAFF49214F19491AE296C7211CB3DE841C750
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2913160557.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_5f20000_Zeew.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: