Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Shipping Documents_pdf.scr.exe

Overview

General Information

Sample name:Shipping Documents_pdf.scr.exe
Analysis ID:1451239
MD5:ced83aeda1a9654139778170b565e99c
SHA1:e35cf928ba8735176469cb0d99a38538313d6a0d
SHA256:035b784824ed07c31f8d100b3d92777b5c83ca9113d882a75f13e8b0e283892d
Tags:AgentTeslaexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Internet Provider seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://ftp.wapination.net", "Username": "pop@wapination.net", "Password": "sync@#1235"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 6 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              3.2.Shipping Documents_pdf.scr.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                3.2.Shipping Documents_pdf.scr.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  3.2.Shipping Documents_pdf.scr.exe.400000.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                  • 0x32f9b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                  • 0x3300d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                  • 0x33097:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                  • 0x33129:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                  • 0x33193:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                  • 0x33205:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                  • 0x3329b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                  • 0x3332b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                  3.2.Shipping Documents_pdf.scr.exe.400000.0.unpackMALWARE_Win_AgentTeslaV2AgenetTesla Type 2 Keylogger payloadditekSHen
                  • 0x304d0:$s2: GetPrivateProfileString
                  • 0x2fbf2:$s3: get_OSFullName
                  • 0x31187:$s5: remove_Key
                  • 0x31324:$s5: remove_Key
                  • 0x3220e:$s6: FtpWebRequest
                  • 0x32f7d:$s7: logins
                  • 0x334ef:$s7: logins
                  • 0x36200:$s7: logins
                  • 0x362b2:$s7: logins
                  • 0x37bba:$s7: logins
                  • 0x36e56:$s9: 1.85 (Hash, version 2, native byte-order)
                  0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 17 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:06/03/24-18:33:58.945232
                    SID:2029927
                    Source Port:49713
                    Destination Port:21
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:06/03/24-18:33:59.443970
                    SID:2855542
                    Source Port:49714
                    Destination Port:35846
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:06/03/24-18:33:59.443970
                    SID:2851779
                    Source Port:49714
                    Destination Port:35846
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: Shipping Documents_pdf.scr.exeAvira: detected
                    Found malware configuration
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.wapination.net", "Username": "pop@wapination.net", "Password": "sync@#1235"}
                    Multi AV Scanner detection for submitted file
                    Source: Shipping Documents_pdf.scr.exeReversingLabs: Detection: 42%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                    Machine Learning detection for sample
                    Source: Shipping Documents_pdf.scr.exeJoe Sandbox ML: detected
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: lKxi.pdb source: Shipping Documents_pdf.scr.exe
                    Source: Binary string: lKxi.pdbSHA256 source: Shipping Documents_pdf.scr.exe

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2029927 ET TROJAN AgentTesla Exfil via FTP 192.168.2.6:49713 -> 108.179.234.136:21
                    Source: TrafficSnort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.6:49714 -> 108.179.234.136:35846
                    Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.6:49714 -> 108.179.234.136:35846
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.6:49714 -> 108.179.234.136:35846
                    Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                    Source: unknownFTP traffic detected: 108.179.234.136:21 -> 192.168.2.6:49713 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21.220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21.220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficDNS traffic detected: DNS query: ftp.wapination.net
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000301C000.00000004.00000800.00020000.00000000.sdmp, Shipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.wapination.net
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Shipping Documents_pdf.scr.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000301C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wapination.net
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Shipping Documents_pdf.scr.exe, 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, SKTzxzsJw.cs.Net Code: Fe9wfWKc5
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, SKTzxzsJw.cs.Net Code: Fe9wfWKc5

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: 0.2.Shipping Documents_pdf.scr.exe.6f80000.11.raw.unpack, .csLarge array initialization: : array initializer size 28702
                    Source: 0.2.Shipping Documents_pdf.scr.exe.26ec04c.5.raw.unpack, .csLarge array initialization: : array initializer size 28702
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: Shipping Documents_pdf.scr.exe
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_0252D5BC0_2_0252D5BC
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C367F80_2_04C367F8
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C3A24C0_2_04C3A24C
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C367F30_2_04C367F3
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C300400_2_04C30040
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C300070_2_04C30007
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C3A27C0_2_04C3A27C
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C3D3080_2_04C3D308
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_06BECE300_2_06BECE30
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_06BE17600_2_06BE1760
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_06D384180_2_06D38418
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_06D384080_2_06D38408
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C819C80_2_09C819C8
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C819D80_2_09C819D8
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C815910_2_09C81591
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C815A00_2_09C815A0
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C811680_2_09C81168
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C830800_2_09C83080
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C834B80_2_09C834B8
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C834B00_2_09C834B0
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_09C870200_2_09C87020
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_01669BC03_2_01669BC0
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_01664A603_2_01664A60
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_01663E483_2_01663E48
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_0166CE503_2_0166CE50
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_016641903_2_01664190
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_063500403_2_06350040
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_0635DC303_2_0635DC30
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_0635BD083_2_0635BD08
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_06358B933_2_06358B93
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_063532533_2_06353253
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_063550083_2_06355008
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2092420383.00000000008DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2100517188.0000000006F80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2096338399.00000000026C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2096338399.00000000026C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000000.00000002.2100746438.00000000089E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3320553627.0000000000DE9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exeBinary or memory string: OriginalFilenamelKxi.exe> vs Shipping Documents_pdf.scr.exe
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, CqSP68Ir.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, CqSP68Ir.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, JoVdKtnmeTjEXD8d4f.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, JoVdKtnmeTjEXD8d4f.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, f0TRh5CYMkq6kU1aQB.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Shipping Documents_pdf.scr.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMutant created: NULL
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Shipping Documents_pdf.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Shipping Documents_pdf.scr.exeReversingLabs: Detection: 42%
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile read: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe:Zone.IdentifierJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe "C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess created: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe "C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess created: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe "C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: lKxi.pdb source: Shipping Documents_pdf.scr.exe
                    Source: Binary string: lKxi.pdbSHA256 source: Shipping Documents_pdf.scr.exe

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: Shipping Documents_pdf.scr.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: Shipping Documents_pdf.scr.exe, Form1.cs.Net Code: InitializeComponent
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, f0TRh5CYMkq6kU1aQB.cs.Net Code: PlDiHfT9KK System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Shipping Documents_pdf.scr.exe.6f80000.11.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Shipping Documents_pdf.scr.exe.26ec04c.5.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, f0TRh5CYMkq6kU1aQB.cs.Net Code: PlDiHfT9KK System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C376A1 pushad ; retn 0004h0_2_04C376A2
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C37799 pushad ; retn 0004h0_2_04C3779A
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C37718 pushad ; retn 0004h0_2_04C3771A
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04C33F14 push 00000039h; ret 0_2_04C33F16
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 0_2_04D126A8 pushad ; retn 0004h0_2_04D126A9
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_06356381 push ecx; ret 3_2_06356382
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_06352021 push cs; ret 3_2_0635202A
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_0635202B push cs; ret 3_2_06352032
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_06352CFB push ds; ret 3_2_06352E1A
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeCode function: 3_2_06356AA8 push esp; ret 3_2_06356AAE
                    Source: Shipping Documents_pdf.scr.exeStatic PE information: section name: .text entropy: 7.90940063403504
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, RNm4uivncdFBFqtqtI.csHigh entropy of concatenated method names: 'FPmA4SpmvC', 'fNEAUda5Zi', 'a62AiWBcAJ', 'zYMANvdq78', 'WkiAaInwFf', 'ffbAgqHvty', 'GJlAGGmxZK', 'Ov7WkrOdBk', 'wi8Wd6J6as', 'zMrWTlkv9L'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, wylsmZVNq8uqIaB8Tn.csHigh entropy of concatenated method names: 'ToString', 'QPHDZp5sNs', 'N9LDe6DkZ1', 'x2ODcoYcc4', 'jgqD3AMi60', 'l1HDLnQgLm', 'Na6DYsbgjB', 'lIFD21OfWJ', 'KpsD1eQZXA', 'kiTDRGRIdV'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, yXxjHRMKXOya0VQlWds.csHigh entropy of concatenated method names: 'xOYA6u5Rei', 'CT0At6w39m', 'i5IAHeKVuS', 'mXAAKwqFOC', 'BAyABPXWoI', 'kI6AxMmk9T', 'iOmAPglJ8H', 'ErXA5bW4I8', 'KxpAJZcCVO', 'oBQApE47LL'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, PfxIAYMttkJCkAV4fIT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sHSSnXQCwf', 'WfBSv1eWqb', 'aS7SIikr0G', 'SmjS9bak7N', 'qDCSEKGN1O', 'r5aSC6Nsbw', 'EPMSkyCupl'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, KCY2h9IxcPcnvpTFoa.csHigh entropy of concatenated method names: 'CcJw5fAUJ2', 'FMCwJh8y4W', 'qelwqx2GcQ', 'jVhweHCrUD', 'd57w3U6fDm', 'bj4wLOGvol', 'JsUw2JDkO6', 'RJ4w1YtpMH', 'CFIw05PvKe', 'H8QwZo5fwv'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, a88XXuG73Ljl3k1cEK.csHigh entropy of concatenated method names: 'eoFgB0L4NR', 'Qp3gPx4Ri3', 'VWxlc3LiSA', 'Lurl3yDvZv', 'L3MlLtsN0P', 'IM3lYnruHb', 'v6Al29Nn1Y', 'F25l19oKcx', 'WmmlR8ADRU', 'lhsl0vLJAl'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, LNGGWIuy5wTwAc6ZQ9.csHigh entropy of concatenated method names: 'W09QmvTvCG', 'KxLQ8IHtbE', 'ToString', 'V7jQNHeh5w', 'pdXQaHGaKK', 'TffQl7FE7b', 'SZQQgn1O9m', 'ilFQGWEkAj', 'M7FQXTu3F1', 'MFeQrhCbxJ'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, K2iHZcS6r0ohrZ5T5a.csHigh entropy of concatenated method names: 'xvBX6TuMrN', 'zuNXt1lEg2', 'uSoXHSAblE', 'KKDXKEtsBD', 'jjkXBFgmQU', 'CfhXxFZyM8', 'aiVXPT7Bb5', 'N3AX53Tl4a', 'KQHXJAdddH', 'HdXXpqreUH'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, B3FQ6JY4aMhqM0QOja.csHigh entropy of concatenated method names: 'RE0HhIFMQ', 'qGxKyem2e', 'BjcxlKS1U', 'lKcPJm5DD', 'IELJjmFn9', 'fOMpD3ceV', 'nPanCQX8TUMEip2N5s', 's00QOSftcg1L0LMv2Y', 'JRdPoijdbsj4MW86OW', 'BaxW4bkOw'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, JoVdKtnmeTjEXD8d4f.csHigh entropy of concatenated method names: 'oRbanaO033', 'V7SavWnSOL', 'celaIbH4pq', 'TLFa9ke3ZF', 'JWsaEoVBRY', 'sQoaCs4Q6E', 'miqakIvSO4', 'bmAadW8EBw', 'iwUaT6JWXN', 'BIiaht2MF5'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, lcDYURg1GCAuRwDeil.csHigh entropy of concatenated method names: 'TQlGMtbAe5', 'TLvGatsj3h', 'zp6GgqjNky', 'KKhGXINOf1', 'fo3GrMwBWH', 'AdjgEVpBxI', 'wfIgCqNcsV', 'GpFgkJaC9t', 'TwkgdWTcTS', 'fIPgTvmNAM'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, daA4sgz2dxTVxtNq5o.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'A06AwwO4YE', 'zSXAF4UrsC', 'unqADGwcFW', 'cPiAQLcJwq', 'Pm7AWIqNRX', 'oGHAAth6gR', 'EnwASK8NWT'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, xFgEZgBiCtuukcGWFu.csHigh entropy of concatenated method names: 'rVCXN2ksnM', 'P85XldEgL7', 'Ix1XGkfMpr', 'lOSGhrwiXP', 'FFbGzlWkKr', 'uZLXbf0j0q', 'Kj6X4G7WGk', 'OBVXowpkFh', 'cFxXU2g7bm', 'U1IXiDCNBh'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, gKUOFBOuAIPAi32Ikx.csHigh entropy of concatenated method names: 'IgJGIkQGd1', 'glTG9aN0nx', 'hWvGE1uISr', 'ToString', 'TCtGCCmmGw', 'QcyGkhTjii', 'RkbswqZigVl28S3YFVN', 'N4hNNLZCW9lqZrfAkKd', 'OEvAHhZAUVCAP8qBsDW', 'NsiETMZ8nveWxMcq02P'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, X9J0VKJn9LjH7wwVSQ.csHigh entropy of concatenated method names: 'Dispose', 'Yu54TMgdbe', 'q6loeQrmK8', 'MB977rqN8F', 'qvF4hGg12x', 'b5I4z8lFtt', 'ProcessDialogKey', 'n1qobqhG2k', 'MmMo4P8H0Q', 'NiVooTL6hD'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, fFdqLBsyciIIWsPojS.csHigh entropy of concatenated method names: 'AxIQd9tHcS', 'U9aQh8pG1o', 'GsWWbD7nJB', 'fgTW4gGqON', 'iWrQZxXXBP', 'kc1QObO2EC', 'HDxQjrgAhg', 'N0DQnwd1uV', 'cL1Qv7SUUj', 'NoiQIRHkpH'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, vo8uEI00eUoN2qWIUn.csHigh entropy of concatenated method names: 's8AlK55hFW', 'sSJlxL1DAB', 'Qb0l5LeR1W', 'rbIlJald7g', 'JnrlFj6kks', 'hp7lDEkk7k', 'rKqlQBeaRk', 'WcclWtvQvZ', 'X06lA84J0B', 'RIblSn7sBN'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, pk5gjMbnlbw9pdiZDa.csHigh entropy of concatenated method names: 'E5B4X6ehGP', 'T9a4rMkEbH', 'x2K4mkmT3M', 'HQk48nnJld', 'x6P4Fon0AH', 'VkB4DHhK5I', 'CIHxJ9PGdARVefjse0', 'EYs9snVyr38VS4OiZY', 'Tqh44dDVdW', 'UaO4Um3iUt'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, f0TRh5CYMkq6kU1aQB.csHigh entropy of concatenated method names: 'M5JUMcTMu9', 'OqRUNEP77M', 'baqUatAOnv', 'SQjUlt7pjh', 'Fl8Ug9RGTq', 'XrZUGDTRvn', 'NO8UXH00hW', 'g3CUrfJ6FR', 'fEgUu6bI81', 'tMBUmB9mkm'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, JxrecbyL9GXyQ5Mdtw.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'T1qoTnfI8v', 'yQJohYWSjn', 'hwsozHEfmi', 'O5lUbQorEL', 'j14U4aYAhS', 'ggJUoT8jpF', 'VvZUUPlSlx', 'D1wXQhN2pSv0fbqPsrx'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.3a26ec0.9.raw.unpack, uLKxVNfrGluJnvWg6a.csHigh entropy of concatenated method names: 'Ma0WN9LMVS', 'BvsWagwGi0', 'RbxWloHjdI', 'DQSWgIGq15', 'jB7WGC3sq5', 'XkfWXZ3pU2', 'GePWrkcniG', 'shGWuUWeYV', 'vkeWmhr7nH', 'KDhW8axJc4'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, RNm4uivncdFBFqtqtI.csHigh entropy of concatenated method names: 'FPmA4SpmvC', 'fNEAUda5Zi', 'a62AiWBcAJ', 'zYMANvdq78', 'WkiAaInwFf', 'ffbAgqHvty', 'GJlAGGmxZK', 'Ov7WkrOdBk', 'wi8Wd6J6as', 'zMrWTlkv9L'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, wylsmZVNq8uqIaB8Tn.csHigh entropy of concatenated method names: 'ToString', 'QPHDZp5sNs', 'N9LDe6DkZ1', 'x2ODcoYcc4', 'jgqD3AMi60', 'l1HDLnQgLm', 'Na6DYsbgjB', 'lIFD21OfWJ', 'KpsD1eQZXA', 'kiTDRGRIdV'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, yXxjHRMKXOya0VQlWds.csHigh entropy of concatenated method names: 'xOYA6u5Rei', 'CT0At6w39m', 'i5IAHeKVuS', 'mXAAKwqFOC', 'BAyABPXWoI', 'kI6AxMmk9T', 'iOmAPglJ8H', 'ErXA5bW4I8', 'KxpAJZcCVO', 'oBQApE47LL'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, PfxIAYMttkJCkAV4fIT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sHSSnXQCwf', 'WfBSv1eWqb', 'aS7SIikr0G', 'SmjS9bak7N', 'qDCSEKGN1O', 'r5aSC6Nsbw', 'EPMSkyCupl'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, KCY2h9IxcPcnvpTFoa.csHigh entropy of concatenated method names: 'CcJw5fAUJ2', 'FMCwJh8y4W', 'qelwqx2GcQ', 'jVhweHCrUD', 'd57w3U6fDm', 'bj4wLOGvol', 'JsUw2JDkO6', 'RJ4w1YtpMH', 'CFIw05PvKe', 'H8QwZo5fwv'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, a88XXuG73Ljl3k1cEK.csHigh entropy of concatenated method names: 'eoFgB0L4NR', 'Qp3gPx4Ri3', 'VWxlc3LiSA', 'Lurl3yDvZv', 'L3MlLtsN0P', 'IM3lYnruHb', 'v6Al29Nn1Y', 'F25l19oKcx', 'WmmlR8ADRU', 'lhsl0vLJAl'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, LNGGWIuy5wTwAc6ZQ9.csHigh entropy of concatenated method names: 'W09QmvTvCG', 'KxLQ8IHtbE', 'ToString', 'V7jQNHeh5w', 'pdXQaHGaKK', 'TffQl7FE7b', 'SZQQgn1O9m', 'ilFQGWEkAj', 'M7FQXTu3F1', 'MFeQrhCbxJ'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, K2iHZcS6r0ohrZ5T5a.csHigh entropy of concatenated method names: 'xvBX6TuMrN', 'zuNXt1lEg2', 'uSoXHSAblE', 'KKDXKEtsBD', 'jjkXBFgmQU', 'CfhXxFZyM8', 'aiVXPT7Bb5', 'N3AX53Tl4a', 'KQHXJAdddH', 'HdXXpqreUH'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, B3FQ6JY4aMhqM0QOja.csHigh entropy of concatenated method names: 'RE0HhIFMQ', 'qGxKyem2e', 'BjcxlKS1U', 'lKcPJm5DD', 'IELJjmFn9', 'fOMpD3ceV', 'nPanCQX8TUMEip2N5s', 's00QOSftcg1L0LMv2Y', 'JRdPoijdbsj4MW86OW', 'BaxW4bkOw'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, JoVdKtnmeTjEXD8d4f.csHigh entropy of concatenated method names: 'oRbanaO033', 'V7SavWnSOL', 'celaIbH4pq', 'TLFa9ke3ZF', 'JWsaEoVBRY', 'sQoaCs4Q6E', 'miqakIvSO4', 'bmAadW8EBw', 'iwUaT6JWXN', 'BIiaht2MF5'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, lcDYURg1GCAuRwDeil.csHigh entropy of concatenated method names: 'TQlGMtbAe5', 'TLvGatsj3h', 'zp6GgqjNky', 'KKhGXINOf1', 'fo3GrMwBWH', 'AdjgEVpBxI', 'wfIgCqNcsV', 'GpFgkJaC9t', 'TwkgdWTcTS', 'fIPgTvmNAM'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, daA4sgz2dxTVxtNq5o.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'A06AwwO4YE', 'zSXAF4UrsC', 'unqADGwcFW', 'cPiAQLcJwq', 'Pm7AWIqNRX', 'oGHAAth6gR', 'EnwASK8NWT'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, xFgEZgBiCtuukcGWFu.csHigh entropy of concatenated method names: 'rVCXN2ksnM', 'P85XldEgL7', 'Ix1XGkfMpr', 'lOSGhrwiXP', 'FFbGzlWkKr', 'uZLXbf0j0q', 'Kj6X4G7WGk', 'OBVXowpkFh', 'cFxXU2g7bm', 'U1IXiDCNBh'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, gKUOFBOuAIPAi32Ikx.csHigh entropy of concatenated method names: 'IgJGIkQGd1', 'glTG9aN0nx', 'hWvGE1uISr', 'ToString', 'TCtGCCmmGw', 'QcyGkhTjii', 'RkbswqZigVl28S3YFVN', 'N4hNNLZCW9lqZrfAkKd', 'OEvAHhZAUVCAP8qBsDW', 'NsiETMZ8nveWxMcq02P'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, X9J0VKJn9LjH7wwVSQ.csHigh entropy of concatenated method names: 'Dispose', 'Yu54TMgdbe', 'q6loeQrmK8', 'MB977rqN8F', 'qvF4hGg12x', 'b5I4z8lFtt', 'ProcessDialogKey', 'n1qobqhG2k', 'MmMo4P8H0Q', 'NiVooTL6hD'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, fFdqLBsyciIIWsPojS.csHigh entropy of concatenated method names: 'AxIQd9tHcS', 'U9aQh8pG1o', 'GsWWbD7nJB', 'fgTW4gGqON', 'iWrQZxXXBP', 'kc1QObO2EC', 'HDxQjrgAhg', 'N0DQnwd1uV', 'cL1Qv7SUUj', 'NoiQIRHkpH'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, vo8uEI00eUoN2qWIUn.csHigh entropy of concatenated method names: 's8AlK55hFW', 'sSJlxL1DAB', 'Qb0l5LeR1W', 'rbIlJald7g', 'JnrlFj6kks', 'hp7lDEkk7k', 'rKqlQBeaRk', 'WcclWtvQvZ', 'X06lA84J0B', 'RIblSn7sBN'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, pk5gjMbnlbw9pdiZDa.csHigh entropy of concatenated method names: 'E5B4X6ehGP', 'T9a4rMkEbH', 'x2K4mkmT3M', 'HQk48nnJld', 'x6P4Fon0AH', 'VkB4DHhK5I', 'CIHxJ9PGdARVefjse0', 'EYs9snVyr38VS4OiZY', 'Tqh44dDVdW', 'UaO4Um3iUt'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, f0TRh5CYMkq6kU1aQB.csHigh entropy of concatenated method names: 'M5JUMcTMu9', 'OqRUNEP77M', 'baqUatAOnv', 'SQjUlt7pjh', 'Fl8Ug9RGTq', 'XrZUGDTRvn', 'NO8UXH00hW', 'g3CUrfJ6FR', 'fEgUu6bI81', 'tMBUmB9mkm'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, JxrecbyL9GXyQ5Mdtw.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'T1qoTnfI8v', 'yQJohYWSjn', 'hwsozHEfmi', 'O5lUbQorEL', 'j14U4aYAhS', 'ggJUoT8jpF', 'VvZUUPlSlx', 'D1wXQhN2pSv0fbqPsrx'
                    Source: 0.2.Shipping Documents_pdf.scr.exe.89e0000.14.raw.unpack, uLKxVNfrGluJnvWg6a.csHigh entropy of concatenated method names: 'Ma0WN9LMVS', 'BvsWagwGi0', 'RbxWloHjdI', 'DQSWgIGq15', 'jB7WGC3sq5', 'XkfWXZ3pU2', 'GePWrkcniG', 'shGWuUWeYV', 'vkeWmhr7nH', 'KDhW8axJc4'
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 24D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 26C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 46C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 8A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 9A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 9D90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: AD90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 15C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 2FC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: 15C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: Shipping Documents_pdf.scr.exe, 00000003.00000002.3321666496.0000000001312000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeMemory written: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeProcess created: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe "C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 936, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 5064, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Documents_pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: Yara matchFile source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 936, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 5064, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 3.2.Shipping Documents_pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.395eab0.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Documents_pdf.scr.exe.3924690.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 936, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Shipping Documents_pdf.scr.exe PID: 5064, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		111
                    Process Injection                    		1
                    Masquerading                    		2
                    OS Credential Dumping                    		111
                    Security Software Discovery                    		Remote Services1
                    Email Collection                    		1
                    Encrypted Channel                    		1
                    Exfiltration Over Alternative Protocol                    		Abuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                    DLL Side-Loading                    		12
                    Virtualization/Sandbox Evasion                    		1
                    Input Capture                    		12
                    Virtualization/Sandbox Evasion                    		Remote Desktop Protocol1
                    Input Capture                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                    Disable or Modify Tools                    		1
                    Credentials in Registry                    		1
                    Process Discovery                    		SMB/Windows Admin Shares11
                    Archive Collected Data                    		1
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS1
                    File and Directory Discovery                    		Distributed Component Object Model2
                    Data from Local System                    		11
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets24
                    System Information Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                    Obfuscated Files or Information                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Shipping Documents_pdf.scr.exe42%ReversingLabsByteCode-MSIL.Trojan.GenSteal
                    Shipping Documents_pdf.scr.exe100%AviraHEUR/AGEN.1357443
                    Shipping Documents_pdf.scr.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://account.dyn.com/0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://tempuri.org/DataSet1.xsd0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    wapination.net
                    		108.179.234.136
                    		truetrue
                      		unknown
                      ftp.wapination.net
                      		unknown
                      		unknowntrue
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://ftp.wapination.netShipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000301C000.00000004.00000800.00020000.00000000.sdmp, Shipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          https://account.dyn.com/Shipping Documents_pdf.scr.exe, 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Shipping Documents_pdf.scr.exe, 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameShipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://wapination.netShipping Documents_pdf.scr.exe, 00000003.00000002.3322292909.000000000301C000.00000004.00000800.00020000.00000000.sdmpfalse
                            		unknown
                            http://tempuri.org/DataSet1.xsdShipping Documents_pdf.scr.exefalse
                            • URL Reputation: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            108.179.234.136
                            		wapination.netUnited States
                            		46606UNIFIEDLAYER-AS-1UStrue

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1451239
                            Start date and time:2024-06-03 18:33:07 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 21s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:9
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Shipping Documents_pdf.scr.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 98%
                            • Number of executed functions: 372
                            • Number of non-executed functions: 15
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • VT rate limit hit for: Shipping Documents_pdf.scr.exe

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            12:33:54API Interceptor1x Sleep call for process: Shipping Documents_pdf.scr.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            108.179.234.136Quotation_#432768#_pdf.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              Payment Advice Copy-EUR 5500,00 20240419165413-docx.pif.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                Payment_Advice-pdf.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse

                                  Domains

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  UNIFIEDLAYER-AS-1USSecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.25325.32677.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                  • 192.185.117.4
                                  vtIgsP95Bm.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                                  • 69.49.241.24
                                  PO82107048.exeGet hashmaliciousAgentTeslaBrowse
                                  • 192.254.225.166
                                  https://asap911.com/Get hashmaliciousUnknownBrowse
                                  • 192.185.52.227
                                  https://pmchri.ac.in/login/Exceloffice.htmlGet hashmaliciousHTMLPhisherBrowse
                                  • 192.185.154.161
                                  DEBIT NOTE.exeGet hashmaliciousFormBookBrowse
                                  • 162.240.81.18
                                  DHL Shipping Documents_SGNIR00210459.exeGet hashmaliciousAgentTeslaBrowse
                                  • 192.185.143.105
                                  Purchase Order_20240503.exeGet hashmaliciousFormBookBrowse
                                  • 108.179.192.228
                                  STATEMENT OF ACCOUNT.exeGet hashmaliciousAgentTeslaBrowse
                                  • 50.87.235.85
                                  STATEMENT OF ACCOUNT.exeGet hashmaliciousAgentTeslaBrowse
                                  • 50.87.235.85

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Shipping Documents_pdf.scr.exe.log

                                  Download File
                                  Process:C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):1216
                                  Entropy (8bit):5.34331486778365
                                  Encrypted:false
                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.902443996261693
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Windows Screen Saver (13104/52) 0.07%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  File name:Shipping Documents_pdf.scr.exe
                                  File size:714'240 bytes
                                  MD5:ced83aeda1a9654139778170b565e99c
                                  SHA1:e35cf928ba8735176469cb0d99a38538313d6a0d
                                  SHA256:035b784824ed07c31f8d100b3d92777b5c83ca9113d882a75f13e8b0e283892d
                                  SHA512:95f02caa7d63163e842d9a73703dd25e444021e4464192c739af98d27edbae3e8ab2b23fac47667bfce33a95554590c33bf22f3626f485a0d659af59b2fa4d76
                                  SSDEEP:12288:GaLKt/rFfaZ6Q97aY2nfn+HQOtKbS0TrQVnN7okQWVl2Guzrcd9frVF:xLKN5iUAR2n/o8JA5QhGCrcdRVF
                                  TLSH:C9E4121133D45B15C97E57B83C69A00067B636233ABBE79D0DD0E1EA2D76F028A7178B
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R]f..............0.............6.... ........@.. .......................@............@................................

                                  File Icon

                                  Icon Hash:00928e8e8686b000

                                  Static PE Info

                                  General

                                  Entrypoint:0x4afb36
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x665D52D5 [Mon Jun 3 05:21:25 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                  Entrypoint Preview

                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xafae30x4f.text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x600.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xb20000xc.reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0xad19c0x54.text
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x20000xadb3c0xadc0059e104ecfc8b8191e92e7cc2f95c533dFalse0.9186769334532374data7.90940063403504IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rsrc0xb00000x6000x600c254568d585dbf49f13cd8db6eaa0485False0.4401041666666667data4.176828671280458IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc0xb20000xc0x2000248017704b70f343ae3454241bcc461False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                  Resources

                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                  RT_VERSION0xb00900x370data0.4329545454545455
                                  RT_MANIFEST0xb04100x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                  Imports

                                  DLLImport
                                  mscoree.dll_CorExeMain

                                  Network Behavior

                                  Snort IDS Alerts

                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                  06/03/24-18:33:58.945232TCP2029927ET TROJAN AgentTesla Exfil via FTP4971321192.168.2.6108.179.234.136
                                  06/03/24-18:33:59.443970TCP2855542ETPRO TROJAN Agent Tesla CnC Exfil Activity4971435846192.168.2.6108.179.234.136
                                  06/03/24-18:33:59.443970TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil4971435846192.168.2.6108.179.234.136

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jun 3, 2024 18:33:57.492630959 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:57.497654915 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:57.497786999 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.002420902 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.010833025 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.015837908 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.148181915 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.148327112 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.153321981 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.366647005 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.366826057 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.371685982 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.504143000 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.504462004 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.509490967 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.642128944 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.656157970 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.661139965 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.793607950 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.801346064 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.806471109 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.939114094 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.940076113 CEST4971435846192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.945086956 CEST3584649714108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:58.945166111 CEST4971435846192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.945231915 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:58.950229883 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:59.443531990 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:59.443969965 CEST4971435846192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:59.444037914 CEST4971435846192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:59.448952913 CEST3584649714108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:59.449600935 CEST3584649714108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:59.449677944 CEST4971435846192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:59.493211031 CEST4971321192.168.2.6108.179.234.136
                                  Jun 3, 2024 18:33:59.583136082 CEST2149713108.179.234.136192.168.2.6
                                  Jun 3, 2024 18:33:59.633835077 CEST4971321192.168.2.6108.179.234.136

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jun 3, 2024 18:33:57.272360086 CEST5232253192.168.2.61.1.1.1
                                  Jun 3, 2024 18:33:57.486628056 CEST53523221.1.1.1192.168.2.6

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Jun 3, 2024 18:33:57.272360086 CEST192.168.2.61.1.1.10x871fStandard query (0)ftp.wapination.netA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Jun 3, 2024 18:33:57.486628056 CEST1.1.1.1192.168.2.60x871fNo error (0)ftp.wapination.netwapination.netCNAME (Canonical name)IN (0x0001)false
                                  Jun 3, 2024 18:33:57.486628056 CEST1.1.1.1192.168.2.60x871fNo error (0)wapination.net108.179.234.136A (IP address)IN (0x0001)false

                                  FTP Packets

                                  TimestampSource PortDest PortSource IPDest IPCommands
                                  Jun 3, 2024 18:33:58.002420902 CEST2149713108.179.234.136192.168.2.6220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21.220-IPv6 connections are also welcome on this server.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 5 of 150 allowed.220-Local time is now 11:33. Server port: 21.220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                  Jun 3, 2024 18:33:58.010833025 CEST4971321192.168.2.6108.179.234.136USER pop@wapination.net
                                  Jun 3, 2024 18:33:58.148181915 CEST2149713108.179.234.136192.168.2.6331 User pop@wapination.net OK. Password required
                                  Jun 3, 2024 18:33:58.148327112 CEST4971321192.168.2.6108.179.234.136PASS sync@#1235
                                  Jun 3, 2024 18:33:58.366647005 CEST2149713108.179.234.136192.168.2.6230 OK. Current restricted directory is /
                                  Jun 3, 2024 18:33:58.504143000 CEST2149713108.179.234.136192.168.2.6504 Unknown command
                                  Jun 3, 2024 18:33:58.504462004 CEST4971321192.168.2.6108.179.234.136PWD
                                  Jun 3, 2024 18:33:58.642128944 CEST2149713108.179.234.136192.168.2.6257 "/" is your current location
                                  Jun 3, 2024 18:33:58.656157970 CEST4971321192.168.2.6108.179.234.136TYPE I
                                  Jun 3, 2024 18:33:58.793607950 CEST2149713108.179.234.136192.168.2.6200 TYPE is now 8-bit binary
                                  Jun 3, 2024 18:33:58.801346064 CEST4971321192.168.2.6108.179.234.136PASV
                                  Jun 3, 2024 18:33:58.939114094 CEST2149713108.179.234.136192.168.2.6227 Entering Passive Mode (108,179,234,136,140,6)
                                  Jun 3, 2024 18:33:58.945231915 CEST4971321192.168.2.6108.179.234.136STOR PW_user-849224_2024_06_03_12_33_56.html
                                  Jun 3, 2024 18:33:59.443531990 CEST2149713108.179.234.136192.168.2.6150 Accepted data connection
                                  Jun 3, 2024 18:33:59.583136082 CEST2149713108.179.234.136192.168.2.6226-File successfully transferred
                                  226-File successfully transferred226 0.138 seconds (measured here), 2.27 Kbytes per second

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:12:33:54
                                  Start date:03/06/2024
                                  Path:C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"
                                  Imagebase:0x2e0000
                                  File size:714'240 bytes
                                  MD5 hash:CED83AEDA1A9654139778170B565E99C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2097465493.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:3
                                  Start time:12:33:55
                                  Start date:03/06/2024
                                  Path:C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\Shipping Documents_pdf.scr.exe"
                                  Imagebase:0xba0000
                                  File size:714'240 bytes
                                  MD5 hash:CED83AEDA1A9654139778170B565E99C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3322292909.000000000300E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3320224187.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3322292909.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:false

                                  Disassembly

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:11.9%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:225
                                    Total number of Limit Nodes:15
                                    execution_graph 64673 9c87458 64674 9c875e3 64673->64674 64676 9c8747e 64673->64676 64676->64674 64677 9c86784 64676->64677 64678 9c876d8 PostMessageW 64677->64678 64679 9c87744 64678->64679 64679->64676 64680 9c85058 64681 9c85072 64680->64681 64697 9c85649 64681->64697 64702 9c85834 64681->64702 64707 9c85653 64681->64707 64712 9c85851 64681->64712 64716 9c8553f 64681->64716 64722 9c85b9f 64681->64722 64727 9c856dd 64681->64727 64732 9c855d9 64681->64732 64738 9c85998 64681->64738 64743 9c85a38 64681->64743 64751 9c85758 64681->64751 64763 9c856c6 64681->64763 64768 9c85a84 64681->64768 64773 9c85501 64681->64773 64682 9c85096 64698 9c8563f 64697->64698 64699 9c85e17 64698->64699 64779 9c83f28 64698->64779 64783 9c83f21 64698->64783 64703 9c856f4 64702->64703 64704 9c85715 64702->64704 64705 9c83f28 WriteProcessMemory 64703->64705 64706 9c83f21 WriteProcessMemory 64703->64706 64704->64682 64705->64704 64706->64704 64708 9c85660 64707->64708 64710 9c83f28 WriteProcessMemory 64708->64710 64711 9c83f21 WriteProcessMemory 64708->64711 64709 9c85699 64709->64682 64710->64709 64711->64709 64787 9c83e68 64712->64787 64791 9c83e60 64712->64791 64713 9c8586f 64713->64682 64717 9c85545 64716->64717 64718 9c855a8 64717->64718 64795 9c841b0 64717->64795 64799 9c841a5 64717->64799 64718->64682 64724 9c8563f 64722->64724 64723 9c85e17 64724->64722 64724->64723 64725 9c83f28 WriteProcessMemory 64724->64725 64726 9c83f21 WriteProcessMemory 64724->64726 64725->64724 64726->64724 64728 9c856e3 64727->64728 64730 9c83f28 WriteProcessMemory 64728->64730 64731 9c83f21 WriteProcessMemory 64728->64731 64729 9c85715 64729->64682 64730->64729 64731->64729 64733 9c8552d 64732->64733 64734 9c8556c 64732->64734 64733->64682 64734->64733 64736 9c841b0 CreateProcessA 64734->64736 64737 9c841a5 CreateProcessA 64734->64737 64735 9c85614 64735->64682 64736->64735 64737->64735 64739 9c8599e 64738->64739 64803 9c84018 64739->64803 64807 9c84010 64739->64807 64740 9c859c1 64744 9c85a3e 64743->64744 64811 9c83cd8 64744->64811 64815 9c83ce0 64744->64815 64745 9c85e17 64745->64682 64746 9c8563f 64746->64745 64749 9c83f28 WriteProcessMemory 64746->64749 64750 9c83f21 WriteProcessMemory 64746->64750 64749->64746 64750->64746 64752 9c85903 64751->64752 64753 9c85765 64751->64753 64754 9c85c8c 64752->64754 64759 9c83cd8 ResumeThread 64752->64759 64760 9c83ce0 ResumeThread 64752->64760 64819 9c83d90 64753->64819 64823 9c83d88 64753->64823 64754->64682 64755 9c8563f 64756 9c85e17 64755->64756 64761 9c83f28 WriteProcessMemory 64755->64761 64762 9c83f21 WriteProcessMemory 64755->64762 64756->64682 64759->64755 64760->64755 64761->64755 64762->64755 64764 9c856d0 64763->64764 64766 9c83f28 WriteProcessMemory 64764->64766 64767 9c83f21 WriteProcessMemory 64764->64767 64765 9c85715 64765->64682 64766->64765 64767->64765 64827 9c86100 64768->64827 64832 9c86110 64768->64832 64769 9c859ea 64769->64768 64770 9c858fc 64769->64770 64770->64682 64774 9c85507 64773->64774 64776 9c855a8 64774->64776 64777 9c841b0 CreateProcessA 64774->64777 64778 9c841a5 CreateProcessA 64774->64778 64775 9c85614 64775->64682 64776->64682 64777->64775 64778->64775 64780 9c83f70 WriteProcessMemory 64779->64780 64782 9c83fc7 64780->64782 64782->64698 64784 9c83f28 WriteProcessMemory 64783->64784 64786 9c83fc7 64784->64786 64786->64698 64788 9c83ea8 VirtualAllocEx 64787->64788 64790 9c83ee5 64788->64790 64790->64713 64792 9c83e68 VirtualAllocEx 64791->64792 64794 9c83ee5 64792->64794 64794->64713 64796 9c84239 CreateProcessA 64795->64796 64798 9c843fb 64796->64798 64800 9c841b0 CreateProcessA 64799->64800 64802 9c843fb 64800->64802 64804 9c84063 ReadProcessMemory 64803->64804 64806 9c840a7 64804->64806 64806->64740 64808 9c84063 ReadProcessMemory 64807->64808 64810 9c840a7 64808->64810 64810->64740 64812 9c83ce0 ResumeThread 64811->64812 64814 9c83d51 64812->64814 64814->64746 64816 9c83d20 ResumeThread 64815->64816 64818 9c83d51 64816->64818 64818->64746 64820 9c83dd5 Wow64SetThreadContext 64819->64820 64822 9c83e1d 64820->64822 64822->64755 64824 9c83d90 Wow64SetThreadContext 64823->64824 64826 9c83e1d 64824->64826 64826->64755 64828 9c86125 64827->64828 64830 9c83d88 Wow64SetThreadContext 64828->64830 64831 9c83d90 Wow64SetThreadContext 64828->64831 64829 9c8613b 64829->64769 64830->64829 64831->64829 64833 9c86125 64832->64833 64835 9c83d88 Wow64SetThreadContext 64833->64835 64836 9c83d90 Wow64SetThreadContext 64833->64836 64834 9c8613b 64834->64769 64835->64834 64836->64834 64837 252d040 64838 252d086 64837->64838 64842 252d628 64838->64842 64845 252d619 64838->64845 64839 252d173 64843 252d656 64842->64843 64848 252d27c 64842->64848 64843->64839 64846 252d27c DuplicateHandle 64845->64846 64847 252d656 64846->64847 64847->64839 64849 252d690 DuplicateHandle 64848->64849 64850 252d726 64849->64850 64850->64843 64938 252acb0 64942 252ad97 64938->64942 64950 252ada8 64938->64950 64939 252acbf 64943 252adb9 64942->64943 64944 252addc 64942->64944 64943->64944 64958 252b040 64943->64958 64962 252b030 64943->64962 64944->64939 64945 252add4 64945->64944 64946 252afe0 GetModuleHandleW 64945->64946 64947 252b00d 64946->64947 64947->64939 64951 252adb9 64950->64951 64952 252addc 64950->64952 64951->64952 64956 252b040 LoadLibraryExW 64951->64956 64957 252b030 LoadLibraryExW 64951->64957 64952->64939 64953 252add4 64953->64952 64954 252afe0 GetModuleHandleW 64953->64954 64955 252b00d 64954->64955 64955->64939 64956->64953 64957->64953 64959 252b054 64958->64959 64961 252b079 64959->64961 64966 252a130 64959->64966 64961->64945 64963 252b054 64962->64963 64964 252a130 LoadLibraryExW 64963->64964 64965 252b079 64963->64965 64964->64965 64965->64945 64967 252b220 LoadLibraryExW 64966->64967 64969 252b299 64967->64969 64969->64961 64872 244d01c 64873 244d034 64872->64873 64874 244d08e 64873->64874 64877 4c32808 64873->64877 64882 4c32818 64873->64882 64879 4c32845 64877->64879 64878 4c32877 64879->64878 64887 4c32990 64879->64887 64892 4c329a0 64879->64892 64883 4c32845 64882->64883 64884 4c32877 64883->64884 64885 4c32990 2 API calls 64883->64885 64886 4c329a0 2 API calls 64883->64886 64885->64884 64886->64884 64888 4c329b4 64887->64888 64897 4c32a48 64888->64897 64900 4c32a58 64888->64900 64889 4c32a40 64889->64878 64894 4c329b4 64892->64894 64893 4c32a40 64893->64878 64895 4c32a48 2 API calls 64894->64895 64896 4c32a58 2 API calls 64894->64896 64895->64893 64896->64893 64898 4c32a69 64897->64898 64903 4c3401e 64897->64903 64898->64889 64901 4c32a69 64900->64901 64902 4c3401e 2 API calls 64900->64902 64901->64889 64902->64901 64907 4c34040 64903->64907 64911 4c34030 64903->64911 64904 4c3402a 64904->64898 64908 4c34082 64907->64908 64910 4c34089 64907->64910 64909 4c340da CallWindowProcW 64908->64909 64908->64910 64909->64910 64910->64904 64912 4c34082 64911->64912 64914 4c34089 64911->64914 64913 4c340da CallWindowProcW 64912->64913 64912->64914 64913->64914 64914->64904 64915 4d1f488 64917 4d1f4a9 64915->64917 64916 4d1f4c1 64917->64916 64921 252ffb0 64917->64921 64925 252ffa0 64917->64925 64918 4d1f5d4 64930 4c3fe50 64921->64930 64934 4c3fe49 64921->64934 64922 252ffcd 64922->64918 64926 252ffa4 64925->64926 64928 4c3fe50 DrawTextExW 64926->64928 64929 4c3fe49 DrawTextExW 64926->64929 64927 252ffcd 64927->64918 64928->64927 64929->64927 64932 4c3fe9e DrawTextExW 64930->64932 64933 4c3fef6 64932->64933 64933->64922 64935 4c3fe4c DrawTextExW 64934->64935 64937 4c3fef6 64935->64937 64937->64922 64851 2524668 64852 252467a 64851->64852 64853 2524686 64852->64853 64855 2524778 64852->64855 64856 252479d 64855->64856 64860 2524878 64856->64860 64864 2524888 64856->64864 64861 25248af 64860->64861 64862 252498c 64861->64862 64868 25244b0 64861->64868 64866 25248af 64864->64866 64865 252498c 64865->64865 64866->64865 64867 25244b0 CreateActCtxA 64866->64867 64867->64865 64869 2525918 CreateActCtxA 64868->64869 64871 25259db 64869->64871

                                    Executed Functions

                                    Function 04C367F8 Relevance: 1.9, Strings: 1, Instructions: 661COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q
                                    • API String ID: 0-3806008745
                                    • Opcode ID: d2852afe8c7636b8b1019f2dbb22c4e675f4ed28cda65b520b5475963b6c9fda
                                    • Instruction ID: 097d2e00ac50bbd53fc83dd85860a74bd0765980188f2fb49cdc82b4c8a6316a
                                    • Opcode Fuzzy Hash: d2852afe8c7636b8b1019f2dbb22c4e675f4ed28cda65b520b5475963b6c9fda
                                    • Instruction Fuzzy Hash: D362B234A00219DFDB64DF64C894AD9BBB2FF89301F1181EAD509AB365DB31AE85CF50
                                    Function 04C367F3 Relevance: 1.9, Strings: 1, Instructions: 605COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1009 4c367f3-4c36823 1010 4c36825 1009->1010 1011 4c3682a-4c368bc 1009->1011 1010->1011 1016 4c368c6-4c368d2 call 4c357b8 1011->1016 1018 4c368d7-4c36920 call 4c357b8 1016->1018 1024 4c3692a-4c36936 call 4c3659c 1018->1024 1026 4c3693b-4c36bb8 call 4c365ac call 4c365bc call 4c365cc call 4c365dc call 4c365ec call 4c365fc 1024->1026 1055 4c36bbe-4c36bcb 1026->1055 1146 4c36bd1 call 6bec99a 1055->1146 1147 4c36bd1 call 6bec9a8 1055->1147 1056 4c36bd7-4c36beb 1148 4c36bee call 6bee3f8 1056->1148 1149 4c36bee call 6bee3e7 1056->1149 1057 4c36bf1-4c36d1d call 4c365ac call 4c365bc call 4c365cc 1071 4c36dea-4c36e03 1057->1071 1072 4c36d22-4c36d5c 1071->1072 1073 4c36e09-4c370df call 4c365dc call 4c365ec call 4c365fc call 4c365bc call 4c365cc call 4c365dc call 4c365ec call 4c3660c call 4c3661c call 4c3662c call 4c3663c 1071->1073 1080 4c36d63-4c36d77 1072->1080 1081 4c36d5e 1072->1081 1117 4c370e4-4c370fe 1073->1117 1083 4c36d79 1080->1083 1084 4c36d7e-4c36da8 1080->1084 1081->1080 1083->1084 1085 4c36daa 1084->1085 1086 4c36daf-4c36dd8 1084->1086 1085->1086 1088 4c36dda 1086->1088 1089 4c36ddf-4c36de7 1086->1089 1088->1089 1089->1071 1150 4c37101 call 6bef980 1117->1150 1151 4c37101 call 6bef970 1117->1151 1118 4c37104-4c3712a 1120 4c37130-4c37140 1118->1120 1121 4c37142 1120->1121 1122 4c37147-4c371f3 call 4c3664c 1120->1122 1121->1122 1130 4c371fe-4c3721c 1122->1130 1131 4c37227-4c372db call 4c3663c * 2 call 4c3665c call 4c365cc call 4c3666c 1130->1131 1146->1056 1147->1056 1148->1057 1149->1057 1150->1118 1151->1118
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q
                                    • API String ID: 0-3806008745
                                    • Opcode ID: 4dde937e2a39959bca17c4a3d4e0619120a5b404e50f5e77d116b8654ebda7ad
                                    • Instruction ID: 585d8e0812368200ad0868fd1ceaa04ed5a26e5fbe134f07a79bc734c83487aa
                                    • Opcode Fuzzy Hash: 4dde937e2a39959bca17c4a3d4e0619120a5b404e50f5e77d116b8654ebda7ad
                                    • Instruction Fuzzy Hash: 8B529134A00219CFDB64DF64C894AD9B7B2FF8A305F1181EAD509AB365DB31AE85CF50
                                    Function 04C3A27C Relevance: .6, Instructions: 602COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0c55420620c4c9a62f7e11d62709d28f4eb93ee5abba89c659c347c381f0a64
                                    • Instruction ID: 2c857107596fdc16effa0d5f8d770e6b94724c82c6e1576b1b29567fa1e22be3
                                    • Opcode Fuzzy Hash: b0c55420620c4c9a62f7e11d62709d28f4eb93ee5abba89c659c347c381f0a64
                                    • Instruction Fuzzy Hash: D3526C75A00246CFDB14DF28C844B98B7B2FF89314F2582E9D5596F3A1DB71A986CF80
                                    Function 04C3A24C Relevance: .6, Instructions: 592COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4de1b3e36e246a478a099ad603c015e16d5b044c7a54f558a074ad21af025b17
                                    • Instruction ID: 88392320512ed156b8447b046554b54b71183b84623ac8d44a3dce530d3c570c
                                    • Opcode Fuzzy Hash: 4de1b3e36e246a478a099ad603c015e16d5b044c7a54f558a074ad21af025b17
                                    • Instruction Fuzzy Hash: 49525A75A00206CFDB14DF28C844B98B7B2FF89314F2582A9D5596F3A1DB71AD86CF81
                                    Function 04C3D308 Relevance: .6, Instructions: 574COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 910eb197de8c6982507d92e04552b28f9cc7fc52a75723e112c15dfa83d919f8
                                    • Instruction ID: 3a50cff3bff9a0fed750f1bd05ed773eafe51d839f8fe88c9a2141b6f1fc746c
                                    • Opcode Fuzzy Hash: 910eb197de8c6982507d92e04552b28f9cc7fc52a75723e112c15dfa83d919f8
                                    • Instruction Fuzzy Hash: FA525B75A00206CFDB14DF28C844B98B7B2FF89314F2582E9D5596F3A1DB71A986CF80
                                    Function 06BECE30 Relevance: .4, Instructions: 381COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f775601ad3205e146b0e3420f4040473dae582916316efe82686effb44c25bc0
                                    • Instruction ID: 529e873cee5dd59155d5f85578b9022279190cf2ed01e0daaed4e22b427ccc85
                                    • Opcode Fuzzy Hash: f775601ad3205e146b0e3420f4040473dae582916316efe82686effb44c25bc0
                                    • Instruction Fuzzy Hash: C2E18F70A002088FDB18DFA9D49469EBBF6EF89300F24856EE506EB395DF749C46CB51
                                    Function 09C841A5 Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1152 9c841a5-9c84245 1155 9c8427e-9c8429e 1152->1155 1156 9c84247-9c84251 1152->1156 1163 9c842a0-9c842aa 1155->1163 1164 9c842d7-9c84306 1155->1164 1156->1155 1157 9c84253-9c84255 1156->1157 1158 9c84278-9c8427b 1157->1158 1159 9c84257-9c84261 1157->1159 1158->1155 1161 9c84263 1159->1161 1162 9c84265-9c84274 1159->1162 1161->1162 1162->1162 1165 9c84276 1162->1165 1163->1164 1166 9c842ac-9c842ae 1163->1166 1172 9c84308-9c84312 1164->1172 1173 9c8433f-9c843f9 CreateProcessA 1164->1173 1165->1158 1168 9c842b0-9c842ba 1166->1168 1169 9c842d1-9c842d4 1166->1169 1170 9c842bc 1168->1170 1171 9c842be-9c842cd 1168->1171 1169->1164 1170->1171 1171->1171 1174 9c842cf 1171->1174 1172->1173 1175 9c84314-9c84316 1172->1175 1184 9c843fb-9c84401 1173->1184 1185 9c84402-9c84488 1173->1185 1174->1169 1177 9c84318-9c84322 1175->1177 1178 9c84339-9c8433c 1175->1178 1179 9c84324 1177->1179 1180 9c84326-9c84335 1177->1180 1178->1173 1179->1180 1180->1180 1182 9c84337 1180->1182 1182->1178 1184->1185 1195 9c84498-9c8449c 1185->1195 1196 9c8448a-9c8448e 1185->1196 1198 9c844ac-9c844b0 1195->1198 1199 9c8449e-9c844a2 1195->1199 1196->1195 1197 9c84490 1196->1197 1197->1195 1200 9c844c0-9c844c4 1198->1200 1201 9c844b2-9c844b6 1198->1201 1199->1198 1202 9c844a4 1199->1202 1204 9c844d6-9c844dd 1200->1204 1205 9c844c6-9c844cc 1200->1205 1201->1200 1203 9c844b8 1201->1203 1202->1198 1203->1200 1206 9c844df-9c844ee 1204->1206 1207 9c844f4 1204->1207 1205->1204 1206->1207 1209 9c844f5 1207->1209 1209->1209
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09C843E6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: a2878562ece2084e35530f340a9367135a0a07e3e3eab14284198e01c0f6767d
                                    • Instruction ID: 834321ae5a3eab18b38eb101e4fb8904bf542218ee186a8cf82a16fa93d4811d
                                    • Opcode Fuzzy Hash: a2878562ece2084e35530f340a9367135a0a07e3e3eab14284198e01c0f6767d
                                    • Instruction Fuzzy Hash: 13A14E71D0025ADFEF14DFA8D8417DEBBB2BF48314F1485A9E808A7290D7749A85CF91
                                    Function 09C841B0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1210 9c841b0-9c84245 1212 9c8427e-9c8429e 1210->1212 1213 9c84247-9c84251 1210->1213 1220 9c842a0-9c842aa 1212->1220 1221 9c842d7-9c84306 1212->1221 1213->1212 1214 9c84253-9c84255 1213->1214 1215 9c84278-9c8427b 1214->1215 1216 9c84257-9c84261 1214->1216 1215->1212 1218 9c84263 1216->1218 1219 9c84265-9c84274 1216->1219 1218->1219 1219->1219 1222 9c84276 1219->1222 1220->1221 1223 9c842ac-9c842ae 1220->1223 1229 9c84308-9c84312 1221->1229 1230 9c8433f-9c843f9 CreateProcessA 1221->1230 1222->1215 1225 9c842b0-9c842ba 1223->1225 1226 9c842d1-9c842d4 1223->1226 1227 9c842bc 1225->1227 1228 9c842be-9c842cd 1225->1228 1226->1221 1227->1228 1228->1228 1231 9c842cf 1228->1231 1229->1230 1232 9c84314-9c84316 1229->1232 1241 9c843fb-9c84401 1230->1241 1242 9c84402-9c84488 1230->1242 1231->1226 1234 9c84318-9c84322 1232->1234 1235 9c84339-9c8433c 1232->1235 1236 9c84324 1234->1236 1237 9c84326-9c84335 1234->1237 1235->1230 1236->1237 1237->1237 1239 9c84337 1237->1239 1239->1235 1241->1242 1252 9c84498-9c8449c 1242->1252 1253 9c8448a-9c8448e 1242->1253 1255 9c844ac-9c844b0 1252->1255 1256 9c8449e-9c844a2 1252->1256 1253->1252 1254 9c84490 1253->1254 1254->1252 1257 9c844c0-9c844c4 1255->1257 1258 9c844b2-9c844b6 1255->1258 1256->1255 1259 9c844a4 1256->1259 1261 9c844d6-9c844dd 1257->1261 1262 9c844c6-9c844cc 1257->1262 1258->1257 1260 9c844b8 1258->1260 1259->1255 1260->1257 1263 9c844df-9c844ee 1261->1263 1264 9c844f4 1261->1264 1262->1261 1263->1264 1266 9c844f5 1264->1266 1266->1266
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09C843E6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: 014b2e116531c9fb52a3f44b49be481730978c5f8fa5502c7e0761687c464d6f
                                    • Instruction ID: f3bd21059dfa65e4eac41a752fc794a6a8cfc8dd9dfece808516abe47ead4b18
                                    • Opcode Fuzzy Hash: 014b2e116531c9fb52a3f44b49be481730978c5f8fa5502c7e0761687c464d6f
                                    • Instruction Fuzzy Hash: C4915F71D0025ADFDF14DFA8D8417DEBBB2BF48314F1485A9E808A7250D7749A85CF91
                                    Function 06D3241B Relevance: 1.7, Strings: 1, Instructions: 452COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1267 6d3241b-6d32466 1268 6d32488-6d3248c 1267->1268 1269 6d32492-6d32497 1268->1269 1270 6d32be7-6d32c17 1268->1270 1271 6d32468-6d3246b 1269->1271 1274 6d32474-6d32486 1271->1274 1275 6d3246d 1271->1275 1274->1271 1275->1268 1275->1274 1276 6d32751-6d32760 1275->1276 1277 6d32677-6d3269e 1275->1277 1278 6d326b6-6d326bc 1275->1278 1279 6d32499-6d32501 call 6d319a8 1275->1279 1280 6d3279e-6d32811 1275->1280 1281 6d3281d-6d32837 1275->1281 1282 6d3263c-6d32664 1275->1282 1283 6d32763-6d32768 1275->1283 1284 6d32702-6d32740 call 6d320c4 1275->1284 1285 6d326c1-6d326d8 1275->1285 1286 6d326a0-6d326b1 1275->1286 1287 6d32585-6d32594 1275->1287 1288 6d32504-6d32506 1275->1288 1289 6d325a4-6d32637 1275->1289 1290 6d3250b-6d32555 1275->1290 1291 6d3276a-6d32796 1275->1291 1292 6d32669-6d32672 1275->1292 1293 6d326ec-6d326ff 1275->1293 1276->1283 1277->1286 1278->1271 1279->1288 1294 6d32745-6d32748 1280->1294 1309 6d3283c-6d3283f 1281->1309 1282->1271 1283->1294 1284->1294 1316 6d326da 1285->1316 1317 6d326dd-6d326e0 1285->1317 1286->1271 1318 6d32af6-6d32b3b 1287->1318 1319 6d3259a-6d3259f 1287->1319 1288->1271 1289->1271 1378 6d3255e-6d32560 1290->1378 1291->1280 1292->1271 1293->1284 1294->1276 1310 6d3274a 1294->1310 1321 6d32841 1309->1321 1322 6d32848-6d32890 1309->1322 1310->1276 1310->1280 1310->1281 1310->1283 1310->1291 1310->1322 1323 6d32899-6d328a6 1310->1323 1324 6d328ae 1310->1324 1316->1317 1317->1271 1418 6d32b53-6d32b6a 1318->1418 1419 6d32b3d-6d32b45 1318->1419 1319->1271 1321->1270 1321->1318 1321->1322 1321->1323 1321->1324 1332 6d32a33-6d32a77 1321->1332 1333 6d32bd0-6d32be4 1321->1333 1334 6d32ab8-6d32ae3 1321->1334 1335 6d329ff-6d32a2e 1321->1335 1336 6d329a2-6d329fa 1321->1336 1337 6d32aa1-6d32aa6 1321->1337 1338 6d32aab-6d32ab3 1321->1338 1339 6d328cb-6d328cf 1321->1339 1340 6d32b6f-6d32bad 1321->1340 1341 6d32aef-6d32af1 1321->1341 1322->1309 1323->1324 1345 6d328b6-6d328b9 1324->1345 1413 6d32a91-6d32a9a 1332->1413 1414 6d32a79-6d32a81 1332->1414 1334->1345 1336->1345 1346 6d328f2-6d328f7 1339->1346 1347 6d328d1-6d328f0 1339->1347 1345->1339 1356 6d328bb 1345->1356 1353 6d328f9-6d32901 1346->1353 1354 6d3290f-6d3297b call 6d33a76 1346->1354 1347->1346 1353->1354 1426 6d32981-6d3299d 1354->1426 1356->1270 1356->1318 1356->1332 1356->1333 1356->1334 1356->1335 1356->1336 1356->1337 1356->1338 1356->1339 1356->1340 1356->1341 1390 6d32562-6d3256a 1378->1390 1391 6d32578-6d32580 1378->1391 1390->1391 1391->1271 1413->1337 1414->1413 1419->1418 1426->1336 1426->1345
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \
                                    • API String ID: 0-417808876
                                    • Opcode ID: bbde42a7c1d8203810224edbc9546770781e7616c796e5caa417716d00133a4a
                                    • Instruction ID: 27d4851f1877084f1ddcf2ebc76028cbfbad93dee72e316da72daff58fa80868
                                    • Opcode Fuzzy Hash: bbde42a7c1d8203810224edbc9546770781e7616c796e5caa417716d00133a4a
                                    • Instruction Fuzzy Hash: D402B030E04268DFEB55CF94D854BADBBB2BB44300F64842AE542AF399CB74DE41CB91
                                    Function 0252ADA8 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1429 252ada8-252adb7 1430 252ade3-252ade7 1429->1430 1431 252adb9-252adc6 call 252a0cc 1429->1431 1433 252adfb-252ae3c 1430->1433 1434 252ade9-252adf3 1430->1434 1436 252adc8 1431->1436 1437 252addc 1431->1437 1440 252ae49-252ae57 1433->1440 1441 252ae3e-252ae46 1433->1441 1434->1433 1484 252adce call 252b040 1436->1484 1485 252adce call 252b030 1436->1485 1437->1430 1442 252ae7b-252ae7d 1440->1442 1443 252ae59-252ae5e 1440->1443 1441->1440 1447 252ae80-252ae87 1442->1447 1445 252ae60-252ae67 call 252a0d8 1443->1445 1446 252ae69 1443->1446 1444 252add4-252add6 1444->1437 1448 252af18-252afd8 1444->1448 1450 252ae6b-252ae79 1445->1450 1446->1450 1451 252ae94-252ae9b 1447->1451 1452 252ae89-252ae91 1447->1452 1479 252afe0-252b00b GetModuleHandleW 1448->1479 1480 252afda-252afdd 1448->1480 1450->1447 1454 252aea8-252aeaa call 252a0e8 1451->1454 1455 252ae9d-252aea5 1451->1455 1452->1451 1458 252aeaf-252aeb1 1454->1458 1455->1454 1460 252aeb3-252aebb 1458->1460 1461 252aebe-252aec3 1458->1461 1460->1461 1462 252aee1-252aeee 1461->1462 1463 252aec5-252aecc 1461->1463 1470 252aef0-252af0e 1462->1470 1471 252af11-252af17 1462->1471 1463->1462 1465 252aece-252aede call 252a0f8 call 252a108 1463->1465 1465->1462 1470->1471 1481 252b014-252b028 1479->1481 1482 252b00d-252b013 1479->1482 1480->1479 1482->1481 1484->1444 1485->1444
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0252AFFE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 97cdea47e142063521c58f4a080152650a1d33fece70cf5647ceeebe77466b8d
                                    • Instruction ID: ea43c682bb743b82b1e3c04b65683ec8bac879743632e53741998d39e611d916
                                    • Opcode Fuzzy Hash: 97cdea47e142063521c58f4a080152650a1d33fece70cf5647ceeebe77466b8d
                                    • Instruction Fuzzy Hash: CE711670A00B158FD724DF29D44475ABBF1FF89304F008A2ED496D7A90DB75E84ACB94
                                    Function 0252590C Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1486 252590c-25259d9 CreateActCtxA 1488 25259e2-2525a3c 1486->1488 1489 25259db-25259e1 1486->1489 1496 2525a4b-2525a4f 1488->1496 1497 2525a3e-2525a41 1488->1497 1489->1488 1498 2525a60 1496->1498 1499 2525a51-2525a5d 1496->1499 1497->1496 1500 2525a61 1498->1500 1499->1498 1500->1500
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 025259C9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 63a952f2df0ce7c7144e68e867a82c27307a1d055aeabc70543e32022381b834
                                    • Instruction ID: e9e44c46f9ccfcf5fca57db6d34f153c158cd05b5acb05f90db45353ae7fd089
                                    • Opcode Fuzzy Hash: 63a952f2df0ce7c7144e68e867a82c27307a1d055aeabc70543e32022381b834
                                    • Instruction Fuzzy Hash: EA41F2B1C00719CFDB24CFA9C8857CDBBB1BF89714F2081AAD448AB291DB75694ACF50
                                    Function 025244B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1502 25244b0-25259d9 CreateActCtxA 1505 25259e2-2525a3c 1502->1505 1506 25259db-25259e1 1502->1506 1513 2525a4b-2525a4f 1505->1513 1514 2525a3e-2525a41 1505->1514 1506->1505 1515 2525a60 1513->1515 1516 2525a51-2525a5d 1513->1516 1514->1513 1517 2525a61 1515->1517 1516->1515 1517->1517
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 025259C9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 5aed7c1fd9265b92a8b0268411289c9ec0e3be5e246cce4001f60d30eb8045f5
                                    • Instruction ID: f44118c2114879cdb23812aaf11a918eca1ee7803f2322ab6ddfbb9fc2f1f2f3
                                    • Opcode Fuzzy Hash: 5aed7c1fd9265b92a8b0268411289c9ec0e3be5e246cce4001f60d30eb8045f5
                                    • Instruction Fuzzy Hash: 7641D3B0C0071DCBDB24CFA9C8457DEBBB5BF49704F6080AAD448AB291E7756949CF90
                                    Function 04C34040 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1519 4c34040-4c3407c 1520 4c34082-4c34087 1519->1520 1521 4c3412c-4c3414c 1519->1521 1522 4c340da-4c34112 CallWindowProcW 1520->1522 1523 4c34089-4c340c0 1520->1523 1527 4c3414f-4c3415c 1521->1527 1524 4c34114-4c3411a 1522->1524 1525 4c3411b-4c3412a 1522->1525 1530 4c340c2-4c340c8 1523->1530 1531 4c340c9-4c340d8 1523->1531 1524->1525 1525->1527 1530->1531 1531->1527
                                    APIs
                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 04C34101
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: CallProcWindow
                                    • String ID:
                                    • API String ID: 2714655100-0
                                    • Opcode ID: 7293e368066f72e1f8790daa5c51988f48d74c5fccc071c9c75ca41191b46004
                                    • Instruction ID: 78a97d8f46290f5b447174a69a6a8eda993616ea7ad996d975bbe48fbebe2ae9
                                    • Opcode Fuzzy Hash: 7293e368066f72e1f8790daa5c51988f48d74c5fccc071c9c75ca41191b46004
                                    • Instruction Fuzzy Hash: 8A414BB9A00309DFDB14CF99C448AAAFBF5FB88314F24C459D519AB321D374A941CFA4
                                    Function 04C3FE49 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1533 4c3fe49-4c3fe4a 1534 4c3fe50-4c3fe9c 1533->1534 1535 4c3fe4c-4c3fe4d 1533->1535 1536 4c3fea7-4c3feb6 1534->1536 1537 4c3fe9e-4c3fea4 1534->1537 1535->1534 1538 4c3febb-4c3fef4 DrawTextExW 1536->1538 1539 4c3feb8 1536->1539 1537->1536 1540 4c3fef6-4c3fefc 1538->1540 1541 4c3fefd-4c3ff1a 1538->1541 1539->1538 1540->1541
                                    APIs
                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04C3FEE7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: DrawText
                                    • String ID:
                                    • API String ID: 2175133113-0
                                    • Opcode ID: 2e7175f0edf95fd029dd24d5dcfa49fee7327f6e3820a09320c2aca260260ba7
                                    • Instruction ID: ff146569be2bc9e5684cb9fbe9a4c89ad225eeaefe981c982177ea670eeb6e72
                                    • Opcode Fuzzy Hash: 2e7175f0edf95fd029dd24d5dcfa49fee7327f6e3820a09320c2aca260260ba7
                                    • Instruction Fuzzy Hash: 2A31E2B5D002499FDB10CF9AD880AEEBBF5BB48310F24842EE518A7311D774A944CFA4
                                    Function 09C83F21 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1544 9c83f21-9c83f76 1547 9c83f78-9c83f84 1544->1547 1548 9c83f86-9c83fc5 WriteProcessMemory 1544->1548 1547->1548 1550 9c83fce-9c83ffe 1548->1550 1551 9c83fc7-9c83fcd 1548->1551 1551->1550
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09C83FB8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    • Opcode ID: 934160e9477b04247d410e5fffcaa6fe1aefee8f3aa58653bbb513efaa42f312
                                    • Instruction ID: 2ab50d977db245390d10b0fa08b9be9d5112b4928d41249063d2a40a3f4718ba
                                    • Opcode Fuzzy Hash: 934160e9477b04247d410e5fffcaa6fe1aefee8f3aa58653bbb513efaa42f312
                                    • Instruction Fuzzy Hash: 352124759003599FDB10DFA9D881BEEBBF5FF88320F10842AE918A7240D7789954CBA4
                                    Function 04C3FE50 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1555 4c3fe50-4c3fe9c 1556 4c3fea7-4c3feb6 1555->1556 1557 4c3fe9e-4c3fea4 1555->1557 1558 4c3febb-4c3fef4 DrawTextExW 1556->1558 1559 4c3feb8 1556->1559 1557->1556 1560 4c3fef6-4c3fefc 1558->1560 1561 4c3fefd-4c3ff1a 1558->1561 1559->1558 1560->1561
                                    APIs
                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04C3FEE7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: DrawText
                                    • String ID:
                                    • API String ID: 2175133113-0
                                    • Opcode ID: 14dbc578dd5e52b42a2c2dbbbc13344e5075670516a06f1e67edbdc3e47ba095
                                    • Instruction ID: 1380fa3772aa3c4e8c88dc02343322fa3882972d503a4db93bd5af85f77ed344
                                    • Opcode Fuzzy Hash: 14dbc578dd5e52b42a2c2dbbbc13344e5075670516a06f1e67edbdc3e47ba095
                                    • Instruction Fuzzy Hash: D421CEB5D002499FDB10CF9AD880ADEFBF5FB48320F24842EE919A7211D775A944CFA5
                                    Function 09C83F28 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1564 9c83f28-9c83f76 1566 9c83f78-9c83f84 1564->1566 1567 9c83f86-9c83fc5 WriteProcessMemory 1564->1567 1566->1567 1569 9c83fce-9c83ffe 1567->1569 1570 9c83fc7-9c83fcd 1567->1570 1570->1569
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09C83FB8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    • Opcode ID: 377d42ed920ba4dc265be968652c89677618aacb8778978da1674cc2a9c1d514
                                    • Instruction ID: 54dd0c12b93b6a322897aee67edad027bf3e1922aa8342755c84d697e57f4612
                                    • Opcode Fuzzy Hash: 377d42ed920ba4dc265be968652c89677618aacb8778978da1674cc2a9c1d514
                                    • Instruction Fuzzy Hash: 38212671D003599FDB10DFA9C881BEEBBF5FF88314F108429E918A7240D7789954CBA4
                                    Function 09C83D88 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09C83E0E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID:
                                    • API String ID: 983334009-0
                                    • Opcode ID: c1363f763fb80bcc190a8ca1d909a38a71bdcee40c6a1ae0a00a2cef4bcca239
                                    • Instruction ID: 388bb24f572a27a54ed9045429b9a01453f5b1e044df1382e9be4f60a0014dfd
                                    • Opcode Fuzzy Hash: c1363f763fb80bcc190a8ca1d909a38a71bdcee40c6a1ae0a00a2cef4bcca239
                                    • Instruction Fuzzy Hash: 92214871D003498FEB10DFAAC4817EFBBF4EF88324F14842AD419A7240DB789944CBA5
                                    Function 09C84010 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09C84098
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    • Opcode ID: a53f9507d92fc466cf1768fcf330d70dd1dfae101f6a6e7325af654ad2fe19db
                                    • Instruction ID: df695270ef0fb021a5e6b787fa957e922e83263cccbdd7e704cf346d769b9ce2
                                    • Opcode Fuzzy Hash: a53f9507d92fc466cf1768fcf330d70dd1dfae101f6a6e7325af654ad2fe19db
                                    • Instruction Fuzzy Hash: 7C2125B1C003499FDB10DFA9C980AEEBBF5FF48310F14842AE558A7250C7789554CBA4
                                    Function 0252D27C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0252D656,?,?,?,?,?), ref: 0252D717
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: e441d15901bf3c50b081e7b501f6df1f07c94d5df41f1e736f189460e2631eb9
                                    • Instruction ID: e99b9f68bd588b8ce20803337c00b0ec384e31b18dc9734ad08398e2ed2a7b6b
                                    • Opcode Fuzzy Hash: e441d15901bf3c50b081e7b501f6df1f07c94d5df41f1e736f189460e2631eb9
                                    • Instruction Fuzzy Hash: 462103B5900258DFDB10CFAAD884ADEBBF4FB48310F14801AE918A7350D378A954CFA4
                                    Function 09C83D90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09C83E0E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID:
                                    • API String ID: 983334009-0
                                    • Opcode ID: 7518879f07c69081b88d14791c9f17fa59695b60c2a06019bac035ddcdc0dd26
                                    • Instruction ID: 0a5414cac7813e4683431eba6cd25068bdbad6760588c8637171133dbf9b4299
                                    • Opcode Fuzzy Hash: 7518879f07c69081b88d14791c9f17fa59695b60c2a06019bac035ddcdc0dd26
                                    • Instruction Fuzzy Hash: 42213771D003498FEB10DFAAC4857AEBBF4EF88724F14842AD519A7240C7789944CFA4
                                    Function 09C84018 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09C84098
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    • Opcode ID: aa20c41195e7b98a3a9c5ef019adcc4f68594523cb48fa8bb66f2e561d2ed804
                                    • Instruction ID: 31f0d575dc5dd1f1c7248aec82f762517f22555a612d07754b285e63270f7981
                                    • Opcode Fuzzy Hash: aa20c41195e7b98a3a9c5ef019adcc4f68594523cb48fa8bb66f2e561d2ed804
                                    • Instruction Fuzzy Hash: 70212871C003599FDB10DFAAC881BEEBBF5FF48310F50842AE518A7250C7799540CBA4
                                    Function 0252D689 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0252D656,?,?,?,?,?), ref: 0252D717
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 00285ff0d0f58c4b2130bd1a2df0dad1536494842b087ba1262d909c81f993fe
                                    • Instruction ID: a8966c8dc961c7c7fe0050925becd669810b8debdb2448c6c73d982e54f1b50e
                                    • Opcode Fuzzy Hash: 00285ff0d0f58c4b2130bd1a2df0dad1536494842b087ba1262d909c81f993fe
                                    • Instruction Fuzzy Hash: 642112B5900259DFDB10CFAAD984ADEBBF4FB48324F14801AE918B7350D338A954CFA4
                                    Function 09C83E60 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09C83ED6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 60ebebad82369cc19d9efb1a0cdacd8ee778233234f96fe02a22cc39f0ff607f
                                    • Instruction ID: ff195a70eb224f919f2469e4cfd1f6b9891e0d3a62c48731d9967b9e388db245
                                    • Opcode Fuzzy Hash: 60ebebad82369cc19d9efb1a0cdacd8ee778233234f96fe02a22cc39f0ff607f
                                    • Instruction Fuzzy Hash: CD1186728002499FDB10DFAAD845BEFBBF5EF88320F208419E515A7250C7399540CFA0
                                    Function 0252A130 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0252B079,00000800,00000000,00000000), ref: 0252B28A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: bb7c49c89bdff19d57061cb32729984d61106da74f449b05daefc76457630a71
                                    • Instruction ID: 5f69449cfaf174a6d3a759df27a4cbd6e97db795dae2f7cb2fbeb827019a4dd7
                                    • Opcode Fuzzy Hash: bb7c49c89bdff19d57061cb32729984d61106da74f449b05daefc76457630a71
                                    • Instruction Fuzzy Hash: 841100B69043599FDB20CF9AD444BDEFBF4EB88314F10842AE519A7240C375A548CFA9
                                    Function 09C83E68 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09C83ED6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 0fbf70a8f7fe9e791741d12eb4ac7293a51a711c59f42a58a55e45f2ec311c51
                                    • Instruction ID: c1d0cd9ab3d191e01711d9e91b58f9eb8c2cd5876f8f9dd8e35ccae138681828
                                    • Opcode Fuzzy Hash: 0fbf70a8f7fe9e791741d12eb4ac7293a51a711c59f42a58a55e45f2ec311c51
                                    • Instruction Fuzzy Hash: 38116472C002499FDB10DFAAC845BEFBBF5EF88720F248419E519A7250C735A940CFA4
                                    Function 0252B218 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0252B079,00000800,00000000,00000000), ref: 0252B28A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: deb960f5f395a5284a7615edae6b60bae74b87af2f1e7e40598a560c6c8abbf3
                                    • Instruction ID: af660d518aa6b31eaa891fa398141366d1c0dd064f9c1e2fe638151a712c8dca
                                    • Opcode Fuzzy Hash: deb960f5f395a5284a7615edae6b60bae74b87af2f1e7e40598a560c6c8abbf3
                                    • Instruction Fuzzy Hash: 3B1142B6C003498FDB14CFAAC444BDEFBF4BB88314F14842AD459A7240C379A545CFA4
                                    Function 09C83CD8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID:
                                    • API String ID: 947044025-0
                                    • Opcode ID: 1237dbdfad3b8c27cd79ec672e9767b6e9eb8d569e5a131f1fda39bf9e76d133
                                    • Instruction ID: 64d19d1ce419fe5c16af5abc08a188d27cafc57d84eb2c32fca05b6043e645e5
                                    • Opcode Fuzzy Hash: 1237dbdfad3b8c27cd79ec672e9767b6e9eb8d569e5a131f1fda39bf9e76d133
                                    • Instruction Fuzzy Hash: 47113771D002498BEB20DFAAD8457DFFBF4EB88624F24841AD519A7240CB35A944CBA5
                                    Function 09C83CE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID:
                                    • API String ID: 947044025-0
                                    • Opcode ID: 87207cce7b68d2262907c6c8d897d5023016a9ffbaf25aac5fbec9c5a4117148
                                    • Instruction ID: 1ff344c43495f9cfe171009a2294ac0bd94b75bd12e38e595ae708ce1abea6a5
                                    • Opcode Fuzzy Hash: 87207cce7b68d2262907c6c8d897d5023016a9ffbaf25aac5fbec9c5a4117148
                                    • Instruction Fuzzy Hash: F3112871D003898FEB10DFAAD44579FFBF4AF88724F24841AD519A7240C775A544CBA4
                                    Function 09C86784 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 09C87735
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: fffdc818b4058af697e990aa8cdac9beb875216752621d27689a45c643255c11
                                    • Instruction ID: 97d05e740d563bdd10cafe3c25b7ba5bb9c8efdc9761b6108fa8321699f43509
                                    • Opcode Fuzzy Hash: fffdc818b4058af697e990aa8cdac9beb875216752621d27689a45c643255c11
                                    • Instruction Fuzzy Hash: A21133B5800349DFDB10DF9AD889BDFBBF8EB48324F208459E518A7600D375A954CFA5
                                    Function 0252AF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0252AFFE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: d979261be1ad3fef0d66ea957a7af616117d266d7a243120fcf72767ddec5e30
                                    • Instruction ID: 601181583eb5d46fca4ebc51c3b89d432404fca6c6c94e37f52b7297d198af82
                                    • Opcode Fuzzy Hash: d979261be1ad3fef0d66ea957a7af616117d266d7a243120fcf72767ddec5e30
                                    • Instruction Fuzzy Hash: 0C1113B5C002498FDB10CF9AC444BDEFBF4BB88314F10841AD428A7650D379A545CFA5
                                    Function 09C876D1 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 09C87735
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: b92a6db0ec21cafbd9257d53211877ae0653f206a9202897367b41280da52ce6
                                    • Instruction ID: 4cbae7bd11a0daf07bb8bae18528de835d32e0633c27837785ef6c8f1f596499
                                    • Opcode Fuzzy Hash: b92a6db0ec21cafbd9257d53211877ae0653f206a9202897367b41280da52ce6
                                    • Instruction Fuzzy Hash: 1F1122B5800249DFDB10DF99D584BDFBFF8EB48324F24840AE558A7610C375A594CFA1
                                    Function 06D3EDD0 Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r
                                    • API String ID: 0-1812594589
                                    • Opcode ID: 31dc2379c90c0832e35ba17596a405e023a6a8c0b4c98a8c81341a7ae953dbac
                                    • Instruction ID: cfe6b12d0aca5ea052d63955b5ca3004b7b2ec81208f24e0d376a6cbb1909828
                                    • Opcode Fuzzy Hash: 31dc2379c90c0832e35ba17596a405e023a6a8c0b4c98a8c81341a7ae953dbac
                                    • Instruction Fuzzy Hash: 0E512774D09228CFDB98CFAAD0445EDBBFABB8D301F10D06AE44AA7251CB309941CF90
                                    Function 04D1F488 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 49aa0e7b1a14436e62ac9f2ba55e523f5b17dab5889dbfa94a7aa21aa97fed09
                                    • Instruction ID: a805e107a949aee61417363b4b35ee71d91844cd5a606e7e7d80ed15b620a509
                                    • Opcode Fuzzy Hash: 49aa0e7b1a14436e62ac9f2ba55e523f5b17dab5889dbfa94a7aa21aa97fed09
                                    • Instruction Fuzzy Hash: 67511871A0020ADFDB14DF69E444A9EBBF1FF88315F14C22AE819A7264D734E991CF90
                                    Function 04D1DC09 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • Opcode ID: 0e1a74e79eb79a66f628e5a9e5eabcf2091c2aa084d5d90bfc2db9f5b6ca849e
                                    • Instruction ID: 7dc6e005093050f1dfbf068ab2e6d07fc72a16db820b2221e24901b94f799d92
                                    • Opcode Fuzzy Hash: 0e1a74e79eb79a66f628e5a9e5eabcf2091c2aa084d5d90bfc2db9f5b6ca849e
                                    • Instruction Fuzzy Hash: 9821E770B05351EFDF15AB74A48026E7BB3EF89205B0444BAD805DB362DB75DC46C3A1
                                    Function 04D17930 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: W
                                    • API String ID: 0-655174618
                                    • Opcode ID: 2cf4fab74b326ee8f1c5dd810756a1349a02485b4b3d33c28a85575157ba8475
                                    • Instruction ID: 963576dcc654312241967acf2c33b6eb3dfa83b74d04daaebecd5c18009503e2
                                    • Opcode Fuzzy Hash: 2cf4fab74b326ee8f1c5dd810756a1349a02485b4b3d33c28a85575157ba8475
                                    • Instruction Fuzzy Hash: B02183B1B00145AFDB11EF69D8009BFBBFAEFC4304F14855AE955E7265DA70EA01CBA0
                                    Function 04D17634 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: W
                                    • API String ID: 0-655174618
                                    • Opcode ID: 586c64484561e0feae069455fedfc92c4ddbf3ab25a1e134f9f1c1ec55fba4f1
                                    • Instruction ID: d4556b1f01f6b4fe45daa28407c90ab6da8dde2c8bb0f512fd58b9dbb738c7e8
                                    • Opcode Fuzzy Hash: 586c64484561e0feae069455fedfc92c4ddbf3ab25a1e134f9f1c1ec55fba4f1
                                    • Instruction Fuzzy Hash: E921F875F0021A9FDF05EFA9D8405EEBBB6FF88300B14056AD905F3261EB30A901CBA1
                                    Function 06D30B12 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0,q
                                    • API String ID: 0-385376986
                                    • Opcode ID: 6b2c9acf370583e18b45bf7537bb378724cfb98e13db5310431e09d38cf7ec43
                                    • Instruction ID: d916f7e93648d648750af616a3dd9c2f729021dc201b319a42dbfe78c9121448
                                    • Opcode Fuzzy Hash: 6b2c9acf370583e18b45bf7537bb378724cfb98e13db5310431e09d38cf7ec43
                                    • Instruction Fuzzy Hash: 43F0E2762006509BCB05E765DCA099EBB67AFC8322B04852EE5094B355CE34888B8694
                                    Function 06D30B20 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0,q
                                    • API String ID: 0-385376986
                                    • Opcode ID: 7a96c2ae7ac0a7e6333174533d5c8bd8ed1edcd0f0a237b2192ae882244fb7d9
                                    • Instruction ID: 83d9a99dabcd51091a2d38dd86518ef2052a3d78a4637c509f1f444c5e5324c1
                                    • Opcode Fuzzy Hash: 7a96c2ae7ac0a7e6333174533d5c8bd8ed1edcd0f0a237b2192ae882244fb7d9
                                    • Instruction Fuzzy Hash: E6F0EC3130051497C705E62ADC9089FFB6BEFC4321B00C51ED9094F354DE709C4785E4
                                    Function 06BE06C0 Relevance: .5, Instructions: 530COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c5e90fe1ad7addd665f78e7b63286d191589e2ac0a447e83bc6c91f46e4a6480
                                    • Instruction ID: 01fcacdfb431d3979048c58755b24dcfb41971cca2b622468d10bab9a86c951d
                                    • Opcode Fuzzy Hash: c5e90fe1ad7addd665f78e7b63286d191589e2ac0a447e83bc6c91f46e4a6480
                                    • Instruction Fuzzy Hash: 0F127D74B002158FEB68EF78C844BAA77B2FF89310F1495A9D4069B3A1DB75DC52CB90
                                    Function 06BEAB58 Relevance: .5, Instructions: 523COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: af68a7839df0675b4165312e5ac21d6431f824ae1508c87962f3adb66096f322
                                    • Instruction ID: 6e8124e7079a66178397344e02d66095f301ee4ec471046584d4096fd38b0bfd
                                    • Opcode Fuzzy Hash: af68a7839df0675b4165312e5ac21d6431f824ae1508c87962f3adb66096f322
                                    • Instruction Fuzzy Hash: C342EF70D10619CFCB55EFA8C8446ECBBB1FF49300F5182E9D5497B264EB30AA98CB81
                                    Function 04D10ED9 Relevance: .5, Instructions: 477COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ebcb5ddc69222d34c0925b2faa415f69e9caba044190f2bc4bfde0fb370bad7d
                                    • Instruction ID: 65053ccc46a3a3f87b66a050c3b25079c13a9676b1d70f6d9f7c780dcaa931cd
                                    • Opcode Fuzzy Hash: ebcb5ddc69222d34c0925b2faa415f69e9caba044190f2bc4bfde0fb370bad7d
                                    • Instruction Fuzzy Hash: 7B227FB0955B82DADB709F64B4843DDBEE0BB09300F205A5BC6FACE265C734A087CB45
                                    Function 04D10F28 Relevance: .5, Instructions: 454COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: acb9a17f7a2acfe166ee433a9a7c26f03615654f432ca7b0eadb49f94ce9be51
                                    • Instruction ID: 02df5e90744ac0ce6c721caf144fbac2f50234b7bf6b2f6f3c59a6932153b9e5
                                    • Opcode Fuzzy Hash: acb9a17f7a2acfe166ee433a9a7c26f03615654f432ca7b0eadb49f94ce9be51
                                    • Instruction Fuzzy Hash: A0125EB0955B82DADB749F64B4843DEBEE0BB09300F205A5BC6FACD265D734A087CB45
                                    Function 06D30B90 Relevance: .4, Instructions: 443COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e9e7346bc0bcb0dcb89c5b03afc7bf391cc0cf74be8b005cc85a2c04aca7e787
                                    • Instruction ID: 33bcb9734afe366983ed50dfac2583fc2d56e2d66524f07db7c5faad4ab74de5
                                    • Opcode Fuzzy Hash: e9e7346bc0bcb0dcb89c5b03afc7bf391cc0cf74be8b005cc85a2c04aca7e787
                                    • Instruction Fuzzy Hash: D4F19034F04229DFEB549B69D814BBEBBB6BB84700F148069E546EB389CE74CC41CB95
                                    Function 06D30B80 Relevance: .4, Instructions: 388COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93e2de16729517856ea72adc6fbd67d201abdd13f205af398b7c1a07dbbcb2a4
                                    • Instruction ID: a25026a35d8af03119d31deb46f3aba918382bd6de190d99ddf38354e1854360
                                    • Opcode Fuzzy Hash: 93e2de16729517856ea72adc6fbd67d201abdd13f205af398b7c1a07dbbcb2a4
                                    • Instruction Fuzzy Hash: E2E1B034F04229DFEB549B65D814BBDBBB6BB88700F148469E506EB388CE74CC41CB95
                                    Function 04D1066C Relevance: .4, Instructions: 361COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 06a612d42be9b2162fa7344e6b1986936d37c59fd2167415ad811818562dba10
                                    • Instruction ID: 225dbd56daedef4ab0a5d47ceef2c60d2623a7bd791dc933ebac9593d8904515
                                    • Opcode Fuzzy Hash: 06a612d42be9b2162fa7344e6b1986936d37c59fd2167415ad811818562dba10
                                    • Instruction Fuzzy Hash: 54F1BE70955B82DADB70DF64B4883EE7AF0BB05300F205A5BD9F9CE261D734A486CB45
                                    Function 06BE834C Relevance: .3, Instructions: 342COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 99f5a990c764e44c997b509d307a0be23cbbbee9c2fb54f7cca48eae2d5e7387
                                    • Instruction ID: 34d1111d7450b973c44649a6bf3010150c2140d4766b9b82eb6828d6840359f5
                                    • Opcode Fuzzy Hash: 99f5a990c764e44c997b509d307a0be23cbbbee9c2fb54f7cca48eae2d5e7387
                                    • Instruction Fuzzy Hash: 84B1AB71E04209CFDF65EFB9C8506AEBBB2FF88300F2041AAC509A7285DB319955CF91
                                    Function 06D328CA Relevance: .2, Instructions: 248COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1e1a11efcc412857d4a4cf76853de65f39b158c30bb94783a4b77c4a19b80232
                                    • Instruction ID: 07f1241c6bd1a202da4666d551e7fef774be28e466df7c3ff53525d988983c7d
                                    • Opcode Fuzzy Hash: 1e1a11efcc412857d4a4cf76853de65f39b158c30bb94783a4b77c4a19b80232
                                    • Instruction Fuzzy Hash: 7591AF30E04268DFEB55CF94D855A6DB7B2FF80710F25855AE542AF299CB30DE41CB90
                                    Function 06BE0180 Relevance: .2, Instructions: 233COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 80f6c3d98908f1e1de97c735093376461a6ac6c25affde419401d36cda3e6687
                                    • Instruction ID: b33b3bfc4faf367cc3ffd3cc8f16a3d9815e7a31dc9588c1fafbe52a901b0b53
                                    • Opcode Fuzzy Hash: 80f6c3d98908f1e1de97c735093376461a6ac6c25affde419401d36cda3e6687
                                    • Instruction Fuzzy Hash: DF81B031B006018FDB55EF64C884BAEB7B2EF84314F1085AAD559CB2A1CF74ED86CB91
                                    Function 06BEA670 Relevance: .2, Instructions: 232COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7e16400c3670184b9cc0032b53ac136b692139ac840b00445141feb687f6d3e2
                                    • Instruction ID: a3323c61c98e03d57bd44b388bc2fde6dcde97ab1a0ee73d92dd1d9cec51f76a
                                    • Opcode Fuzzy Hash: 7e16400c3670184b9cc0032b53ac136b692139ac840b00445141feb687f6d3e2
                                    • Instruction Fuzzy Hash: 7F91D5B0E10219DFCB51EF68D8886EDBFB5FF45300F1184A9E455AB2A4EB30D965CB81
                                    Function 06BE5C68 Relevance: .2, Instructions: 221COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f61fa53bf63fbd898df65534caccb6e1ca912c82e9151fac0fc56df836e290b8
                                    • Instruction ID: 4ac2270d6a7f26c54e54ad82a28af7476efef9d67c6a6cd30ec49e410066976f
                                    • Opcode Fuzzy Hash: f61fa53bf63fbd898df65534caccb6e1ca912c82e9151fac0fc56df836e290b8
                                    • Instruction Fuzzy Hash: CBA13775A00209CFDB45DF68C584AADBBF2EF49314F258199D408AB366C732ED46CF90
                                    Function 04D15F48 Relevance: .2, Instructions: 219COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 12a1d4c8bf8301110906720ca0676ea3f59b0acc81645112ae3250cee769845b
                                    • Instruction ID: 9652efbac230879f245176c5aa1e77957700713b89b2cd12e8873c4fb76a97fa
                                    • Opcode Fuzzy Hash: 12a1d4c8bf8301110906720ca0676ea3f59b0acc81645112ae3250cee769845b
                                    • Instruction Fuzzy Hash: 9D81D2357106109FCB14EF28D5989697BF6FF89B04B1541AAE902CB3B6DB71EC45CB80
                                    Function 06D30E9C Relevance: .2, Instructions: 211COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c14b03b306b7d4653e11e9c400d81cb8f857f6385e82d283f5865ea406aba87f
                                    • Instruction ID: f24bdc56f8cf8b07fa0a9528a3588d9126c7c5c32a5dd00d188570a5362e3294
                                    • Opcode Fuzzy Hash: c14b03b306b7d4653e11e9c400d81cb8f857f6385e82d283f5865ea406aba87f
                                    • Instruction Fuzzy Hash: 5171AF34B14229DFEB648B65D815BBDBBB6EB88750F148069E502EB384CF74CC41CB95
                                    Function 06BEF130 Relevance: .2, Instructions: 211COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e8f34d38c9e019cdc21d6d50d69775cc93ba4fcb5338860dc4b53a287656184
                                    • Instruction ID: d0bfca9ea42beb11a36bd7446eccfa09f191e8205a3536e93f59fe37a596a84a
                                    • Opcode Fuzzy Hash: 0e8f34d38c9e019cdc21d6d50d69775cc93ba4fcb5338860dc4b53a287656184
                                    • Instruction Fuzzy Hash: 7591E4B5A0060A9FDB51CFA8D980AEEBBF6FF48310F1485A9E82997350D730E951CF50
                                    Function 04D17648 Relevance: .2, Instructions: 210COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 82c9e0e73a7f116bcf094667f2022cc612f4689d5aa522d8e3d1910e65f16c5c
                                    • Instruction ID: 4b6f094774e78ff855940a4d7e3782125d6dc3dc58014d1871c875cce2c88c78
                                    • Opcode Fuzzy Hash: 82c9e0e73a7f116bcf094667f2022cc612f4689d5aa522d8e3d1910e65f16c5c
                                    • Instruction Fuzzy Hash: 90817D70E003599FDB08DFA9D4946EEBBF2FF88300F14816AE405AB364DB749905CBA1
                                    Function 06BE7470 Relevance: .2, Instructions: 210COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2bafc2fdc420105b6823e8cda28b90ac9ea4bdf3d058122c9a6a7b26cde84e75
                                    • Instruction ID: d73f31ccc43775515050616c241c8557532306f61cef3d86b87c42471f49b1f0
                                    • Opcode Fuzzy Hash: 2bafc2fdc420105b6823e8cda28b90ac9ea4bdf3d058122c9a6a7b26cde84e75
                                    • Instruction Fuzzy Hash: 36819571A10205DFDB04EFA4D8549ADBBB5FF89304F1085A9E502AB364EF71E945CF90
                                    Function 04D1D970 Relevance: .2, Instructions: 205COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13cfc9f49971ab9a9e13c30124a0c0bf8229f37461df6b016cbf691de9b8e77f
                                    • Instruction ID: 183d0d32e90fd602eaca9ae7ca4b1feb14ba375f406af01b5781f5c8fb31e9a3
                                    • Opcode Fuzzy Hash: 13cfc9f49971ab9a9e13c30124a0c0bf8229f37461df6b016cbf691de9b8e77f
                                    • Instruction Fuzzy Hash: 9D816031B002049FDB14EF64D494AAEB7F2FF89310F1584B9D44AAB661DB35BC81CB91
                                    Function 06BE1C70 Relevance: .2, Instructions: 202COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3a0b6984964d04352e6b48f7e666b6fc7a0392437a83956486f2d0f8435b10a9
                                    • Instruction ID: 7d2b19523a11a30acfd17810232b6749c12905e0452cf5bac638158819104f30
                                    • Opcode Fuzzy Hash: 3a0b6984964d04352e6b48f7e666b6fc7a0392437a83956486f2d0f8435b10a9
                                    • Instruction Fuzzy Hash: 5471AE75B105048FDB54DF68C890AAEBBF6FF89700F2484A9E8059B7A5DB35EC05CB90
                                    Function 04D159F8 Relevance: .2, Instructions: 199COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd97d92074d804591fc65af4b3501208e72adf1857905ef39472cd74d1de600c
                                    • Instruction ID: e45abc7bdf6f605d1b0143c5d5ab45e6aaa6eea7cbd82d8a3617ccf1c9209371
                                    • Opcode Fuzzy Hash: bd97d92074d804591fc65af4b3501208e72adf1857905ef39472cd74d1de600c
                                    • Instruction Fuzzy Hash: 46713C35B002189FDB14EFA4E594AAE77F2FF89314B244099D801AB3A1CB75EC41CF65
                                    Function 04D1A670 Relevance: .2, Instructions: 183COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 39c091a4fe8f56ecc140a4aea503e94cf2738a3ca3c79a7a791489540a3faee9
                                    • Instruction ID: b9c41460876217a3fa03739bed9932c9e071ccdc9170b0522747e37c5f503ca3
                                    • Opcode Fuzzy Hash: 39c091a4fe8f56ecc140a4aea503e94cf2738a3ca3c79a7a791489540a3faee9
                                    • Instruction Fuzzy Hash: 14714E34E016099FDB15DF79E8586ADBBB1FF88301F148569E806A7360EB34EE45CB90
                                    Function 06D30F45 Relevance: .2, Instructions: 183COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5e4efcd23019dd133df6b3685af2d8b02e793fbf15b8ca020b012a642cd255d2
                                    • Instruction ID: 5793dba5b07f4aba6861537bd1d5c773def1dee1989053ac563e3e49279ae680
                                    • Opcode Fuzzy Hash: 5e4efcd23019dd133df6b3685af2d8b02e793fbf15b8ca020b012a642cd255d2
                                    • Instruction Fuzzy Hash: 2261A034B10228DFEB648B75D815BADBBB7EB88750F148069E506AB388CF74CC41CB95
                                    Function 06D34E81 Relevance: .2, Instructions: 178COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e2ec46dfc18b9118cbff4ab206ab90a7251864c73a204c1e5a9aae74e7bfbd2e
                                    • Instruction ID: b02eefb31d1a35eee6f76211226c9b1d6ce8a1fa55c5e146b92bb0f42af76392
                                    • Opcode Fuzzy Hash: e2ec46dfc18b9118cbff4ab206ab90a7251864c73a204c1e5a9aae74e7bfbd2e
                                    • Instruction Fuzzy Hash: 89716E35A04224CFDB44CF69D584A6AFBF2FF44315F15869AD0929B2A6C335EC81CBD0
                                    Function 06D34E90 Relevance: .2, Instructions: 170COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f479ddd41f368c7aec05f1ab3f121345de66a208c3c5e343ffabbbddd5d244e4
                                    • Instruction ID: 5e4ba7616e2aa716a8cb71d27c8f3fbf20867555b1bed068ec946c43f19c6fad
                                    • Opcode Fuzzy Hash: f479ddd41f368c7aec05f1ab3f121345de66a208c3c5e343ffabbbddd5d244e4
                                    • Instruction Fuzzy Hash: 01615D31A04224CFDB94CF6AD584A6AFBF2FF44315F158696D0929B2A6C735EC81CBD0
                                    Function 04D14D50 Relevance: .2, Instructions: 168COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e58730793268fb5e8e34c4b23fbebef0a5e0583332eef2d6484caf292cad5b49
                                    • Instruction ID: 41a9b09a833ff7a94966f7ff34e02ff78c8754994d2b322f0596df8f56147ed2
                                    • Opcode Fuzzy Hash: e58730793268fb5e8e34c4b23fbebef0a5e0583332eef2d6484caf292cad5b49
                                    • Instruction Fuzzy Hash: 17718D74A01218AFCB15DF69E984DAEBBB6FF49724F114099F901AB361DB31EC81CB50
                                    Function 06D39BBF Relevance: .2, Instructions: 166COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4ddb57bb4c78a5e68c3640f990f9dbc1dbeaae4e3f1b6b18e5be8d5711ae3ab5
                                    • Instruction ID: 93089cb9a46bbcb794a71040e39b7490d59295ba2b98098849acb96215bc3195
                                    • Opcode Fuzzy Hash: 4ddb57bb4c78a5e68c3640f990f9dbc1dbeaae4e3f1b6b18e5be8d5711ae3ab5
                                    • Instruction Fuzzy Hash: 5051D130F00265DFEB54CBA4D851BBEBBB6BF84300F108126E651AF295E774D842CB91
                                    Function 04D1D200 Relevance: .2, Instructions: 162COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 33d6dd9c1c62558d5bfa3d67c6b40e8a94c2cccc96d2b9cb95b3280c2f4f583c
                                    • Instruction ID: e4a5ca4a2a2b8f8c0b083f0bdbeff1906a16d51f3105daea37221de51705a61c
                                    • Opcode Fuzzy Hash: 33d6dd9c1c62558d5bfa3d67c6b40e8a94c2cccc96d2b9cb95b3280c2f4f583c
                                    • Instruction Fuzzy Hash: 38618030A10709DFDB01EF64D454AAEF7B6FF85304F118559E51AAB260EB30BD86CB90
                                    Function 06BEDFA8 Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b74bb3f9368b7303aaf8c79c492f366601cf93c4a00ee28f63db3ce849476df6
                                    • Instruction ID: 47832adf3495a19c46a9309a1b0fdc02fda74fb5e846a62ce942658b2c16a352
                                    • Opcode Fuzzy Hash: b74bb3f9368b7303aaf8c79c492f366601cf93c4a00ee28f63db3ce849476df6
                                    • Instruction Fuzzy Hash: C0513A30350A05CFD7A4DB38D898BA677AAFF84715F5184A9E14ACB361CF71E886CB40
                                    Function 06D3771C Relevance: .2, Instructions: 157COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8e45ae8abb638fd31f1fb3fedfa1931a816afedf87b562aec7c16167c91295b1
                                    • Instruction ID: 6ff8179294f1bb3c573660c82d3c5a85b2288546d7f7456c7f7a97efee21b34a
                                    • Opcode Fuzzy Hash: 8e45ae8abb638fd31f1fb3fedfa1931a816afedf87b562aec7c16167c91295b1
                                    • Instruction Fuzzy Hash: 9F51C171D083889FDB01DFA8D844ADEBFF5EF4A310F1480AAE444E7252D7359905CBA1
                                    Function 04D16654 Relevance: .2, Instructions: 153COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3c2e4907aedd1eae9140d0805107711eff39bd236d50c1ba7d34a59317a04fc6
                                    • Instruction ID: c506fd62bf217a21b9812af3ed0103ada904c40059006057f636ff8c0c0659c2
                                    • Opcode Fuzzy Hash: 3c2e4907aedd1eae9140d0805107711eff39bd236d50c1ba7d34a59317a04fc6
                                    • Instruction Fuzzy Hash: 0D516F75F002459FDB14DFA9D804AAFBBF5EF88300F14845AE955E3360EB74A905CBA1
                                    Function 06BEE3E7 Relevance: .2, Instructions: 153COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c555fb8cb01860a63dda2938509bcfe08372e9cc40865bd74bffce6b290e5ffe
                                    • Instruction ID: d31eeed0252cc5859c019fef2db0fc26e5c3feab1cd02b0c7d7818200bef3d58
                                    • Opcode Fuzzy Hash: c555fb8cb01860a63dda2938509bcfe08372e9cc40865bd74bffce6b290e5ffe
                                    • Instruction Fuzzy Hash: 0D513775E00249DFDB54DFA8D894ADDBBB2FF88300F148199D906AB250DB34E846CF60
                                    Function 06BEE3F8 Relevance: .2, Instructions: 152COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 14e1e001f280da501d9167e5b789449d1bf74c596e652134b1b82391c2453824
                                    • Instruction ID: a39c60dfdb17a46c11b2dc7f7c7446cbd1044b2c055f1ceabda1d7c644523ccd
                                    • Opcode Fuzzy Hash: 14e1e001f280da501d9167e5b789449d1bf74c596e652134b1b82391c2453824
                                    • Instruction Fuzzy Hash: A8514B75E10249CFDB54DFA8D884A9DBBF6EF88300F1481A9D905AB354DB34E845CF60
                                    Function 06BEF980 Relevance: .1, Instructions: 148COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2fe81afbc24d20efd7c1f08b36973d339b516e3be903a35498ee26cd79fc77e3
                                    • Instruction ID: 73e2f4107eb57f062d46ee8f738f510f15983850104a4b9561a6078cff564d27
                                    • Opcode Fuzzy Hash: 2fe81afbc24d20efd7c1f08b36973d339b516e3be903a35498ee26cd79fc77e3
                                    • Instruction Fuzzy Hash: 1041CF71B047008BE769AB79942063A37ABEFC9244B1948AED946CF395DF24DC06C365
                                    Function 04D186A8 Relevance: .1, Instructions: 134COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 12f02666c37e390ad68c13cf5657a132abce746bddd36e024bb388058dd6bd8c
                                    • Instruction ID: 5cf0f5184b4b5bc2628ba544abd9b6c99a40ecb00db1c3c63db25192f4f5d641
                                    • Opcode Fuzzy Hash: 12f02666c37e390ad68c13cf5657a132abce746bddd36e024bb388058dd6bd8c
                                    • Instruction Fuzzy Hash: 5431C370E02318EFCB14EFA1F5545AEBBB2FF85310F108469E891673A5CB31A865CB90
                                    Function 06BECF30 Relevance: .1, Instructions: 134COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6d0f39792b9266af46499be8086fa728251655b2c6f038fa563c5371484139e
                                    • Instruction ID: c474dabbe28ded59793f9585b5c737cad34ca5ae2cda0aee76e27a0bda00da47
                                    • Opcode Fuzzy Hash: c6d0f39792b9266af46499be8086fa728251655b2c6f038fa563c5371484139e
                                    • Instruction Fuzzy Hash: 8F41D534E012099FDB19EFB4D4946AEBBB2EF89300F14496DE502EB291DF749C46CB91
                                    Function 06BE15B0 Relevance: .1, Instructions: 133COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f59475a1b473e52d4193311480447c5e2c29b790640005c21656f6df765e9db
                                    • Instruction ID: e2fbb32b938221d43d4c3d6b4a219fb187e584375d038db117c683a08f425d5b
                                    • Opcode Fuzzy Hash: 5f59475a1b473e52d4193311480447c5e2c29b790640005c21656f6df765e9db
                                    • Instruction Fuzzy Hash: 3A419C74700605CFD7149F6DD484A6AB7F6EF88315F2486ADD50A8B3A4DB71EC86CB80
                                    Function 06D3519F Relevance: .1, Instructions: 128COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f892fbd998e1f8ab68b441eb29b84b656e9a91f9ec83cc40e8a61ae3a875bea
                                    • Instruction ID: 03fa2ec6c47401444c35cc769bcc1b347848e0374ba28f7c58c9b78b8cdfabf5
                                    • Opcode Fuzzy Hash: 7f892fbd998e1f8ab68b441eb29b84b656e9a91f9ec83cc40e8a61ae3a875bea
                                    • Instruction Fuzzy Hash: 37518B30D04228DFFB95CF99E9807BDBBB2EF45301F148466E496AE282C7B5D940EB51
                                    Function 04D19F48 Relevance: .1, Instructions: 127COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ff45036d829ef0aa2a51ab9b4400175371c3c2bb87dbff371b2c3e20493805dc
                                    • Instruction ID: af6446d5af3a896113e2ed9004f0e66390ca6b45f2f2304b739fbbbe80fbf42f
                                    • Opcode Fuzzy Hash: ff45036d829ef0aa2a51ab9b4400175371c3c2bb87dbff371b2c3e20493805dc
                                    • Instruction Fuzzy Hash: 1D415870B14158AFDB14DFA9D894EADBBF6BF89704F1440A9E901EB3A5DB31E800CB50
                                    Function 06BE1DE8 Relevance: .1, Instructions: 127COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9111bdc1562b2b7b27fb8e229de1f6997d217a41479c71f749227728d10eb790
                                    • Instruction ID: e37b676f873ac5ad7dba6bff2cad904aa55c7f39f7d2557ab436d8c9dc0d9f76
                                    • Opcode Fuzzy Hash: 9111bdc1562b2b7b27fb8e229de1f6997d217a41479c71f749227728d10eb790
                                    • Instruction Fuzzy Hash: D941BD71B206018FD764DB6DC840A6AB7FAFF89710B6445A9E509C7BA4DB30DC01CB90
                                    Function 06D3DCB8 Relevance: .1, Instructions: 126COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1fd14eea545344f435c5797ae244488c59bd0c710236b7578c3243b248b29392
                                    • Instruction ID: 3ccff51cb986bd92850fb205f6b486aa8201ef81f3a44a243c32ee91d38d84ee
                                    • Opcode Fuzzy Hash: 1fd14eea545344f435c5797ae244488c59bd0c710236b7578c3243b248b29392
                                    • Instruction Fuzzy Hash: 7141D474E092188FEB48CFAAE4446FEBBF6EF89301F14D069D459A6251D7348941CFA4
                                    Function 04D16898 Relevance: .1, Instructions: 124COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b3e6c8917899d8cf387fe4a855a3111365cc900d44b8b4c4e0a37e3d55e569c
                                    • Instruction ID: fa8cb7e0f2f81110bcdec444e51db2bfd10e68a6914924168bbb4a30db10d845
                                    • Opcode Fuzzy Hash: 3b3e6c8917899d8cf387fe4a855a3111365cc900d44b8b4c4e0a37e3d55e569c
                                    • Instruction Fuzzy Hash: F0418F31E00219DFEB14EF74D0543ED7AB2EB88718F145469D802BB3A4DB35E981CBA5
                                    Function 06BE9F40 Relevance: .1, Instructions: 124COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 984b82f88693b484521c04bfc2d675ff25eaf1f990da37b8c94aa66833b551e6
                                    • Instruction ID: 0fdb32c9318e5414bfa061a88e772ff17fd9dc8e897596fb6d2febf75688332f
                                    • Opcode Fuzzy Hash: 984b82f88693b484521c04bfc2d675ff25eaf1f990da37b8c94aa66833b551e6
                                    • Instruction Fuzzy Hash: 0741D7F4E542169FDB82AF65C9846AA7BF9EB44300F1264A6E402E7295F735C910CAC0
                                    Function 06BEA930 Relevance: .1, Instructions: 124COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 64c714adb33c4c54ddd1372cc5138e7db6b80ca3cd774e9ddc4c0b8d19b5b676
                                    • Instruction ID: cb875f06d5fd71145b087fcb76eaf05ec9d7d6f4bafcf02bbfc2b23609815562
                                    • Opcode Fuzzy Hash: 64c714adb33c4c54ddd1372cc5138e7db6b80ca3cd774e9ddc4c0b8d19b5b676
                                    • Instruction Fuzzy Hash: 2D41EAF0E442169FDB82AF65C9446AA7BB9EF45300F1220E6E442F72D6E7358910CBD1
                                    Function 04D17D70 Relevance: .1, Instructions: 123COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1789dc4522f71685c685ef0544337f06b0f7ed0643c0e15e9cc59e131c86df76
                                    • Instruction ID: e4a191a353bc28703d2f9b90ec502a34b2f19324a70ddaa6f417604bff7e1cda
                                    • Opcode Fuzzy Hash: 1789dc4522f71685c685ef0544337f06b0f7ed0643c0e15e9cc59e131c86df76
                                    • Instruction Fuzzy Hash: 3B41E571B01109DFEB096FB5C4556AF3FB7FBC8340B1984AAE505AB3A5DE348C0687A4
                                    Function 06D3480A Relevance: .1, Instructions: 122COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b368a0b663c96faf3f359e6350076f66e4e91f619f887e0c632859e703b94043
                                    • Instruction ID: 6015bb080b9cb993e76a0e84b0e71286884f229cdedc9f0ad3de5d89389e36c1
                                    • Opcode Fuzzy Hash: b368a0b663c96faf3f359e6350076f66e4e91f619f887e0c632859e703b94043
                                    • Instruction Fuzzy Hash: 4441C2B591ABC08FC3279B3994601417FB0AF87301B0A99DFD4C5CF6A3CA389819CB52
                                    Function 06BE9478 Relevance: .1, Instructions: 121COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 683fe86142a2b57837fc505f53db261a4e0876582354e85d8d0984540f295cb9
                                    • Instruction ID: ce5a3a49ff6bf7903546bfed52eac187501f4bdc008d9f2f9a87625e0030c242
                                    • Opcode Fuzzy Hash: 683fe86142a2b57837fc505f53db261a4e0876582354e85d8d0984540f295cb9
                                    • Instruction Fuzzy Hash: 3F416971A002089FDB54EFA8D850AADBBF2EF89311F1485A9E511EB3A0DB71ED45CB50
                                    Function 04D14D4E Relevance: .1, Instructions: 120COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fdcb0eb11cf3cdd832e50c501c0a885441fa792079b5a22932935983d991f7a3
                                    • Instruction ID: f62edd33767ce915a880dbc333d4b03c8b02696714dddd67d258e2b3363897ee
                                    • Opcode Fuzzy Hash: fdcb0eb11cf3cdd832e50c501c0a885441fa792079b5a22932935983d991f7a3
                                    • Instruction Fuzzy Hash: 99516F38A01214AFCB14DF68D494DAEBBB2FF89724B114499F902AB371DB31EC81CB50
                                    Function 06BE82FC Relevance: .1, Instructions: 119COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e67328cf5d41df1fc6941a775d1806ba2a594de6a21574038ed5cde5035beec2
                                    • Instruction ID: bebd9411204168b31fbae8775f9c5b69801ea70fb4c6674387df10d6eb510f21
                                    • Opcode Fuzzy Hash: e67328cf5d41df1fc6941a775d1806ba2a594de6a21574038ed5cde5035beec2
                                    • Instruction Fuzzy Hash: 92414B70E006089FDB54EF68D850AADBBF2EF89311F1485A9E511EB3A0DB71ED45CB90
                                    Function 04D1A248 Relevance: .1, Instructions: 118COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 62ea0e7a522cff9661fda92bca27dc7f3e067071ccb891ec8db1ae6acd47128c
                                    • Instruction ID: e97c07d724fe2e384d1347ece3156e92ad17fa2af86af59c41de75fdd13d9977
                                    • Opcode Fuzzy Hash: 62ea0e7a522cff9661fda92bca27dc7f3e067071ccb891ec8db1ae6acd47128c
                                    • Instruction Fuzzy Hash: 24410A34B012299FDB14EBA8D884BDDB7B1FF89714F114058D905AB3B1D735A805CFA0
                                    Function 06D312B8 Relevance: .1, Instructions: 117COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0ee115908f5afaef9c67a00481df2978347c2b59b6461ecf9b02b38620b82e0
                                    • Instruction ID: 700c22e4881866be516c878e8b299615ebb6dfd6b488f51b69f4dee7c2f6b3c7
                                    • Opcode Fuzzy Hash: d0ee115908f5afaef9c67a00481df2978347c2b59b6461ecf9b02b38620b82e0
                                    • Instruction Fuzzy Hash: 5C51D070E1025ACFCB50CF95D864A6EBBB6FF84304F25D459C0219B369DB35C945CBA1
                                    Function 04D18830 Relevance: .1, Instructions: 114COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44942a69da1e953e2c623b68496d91bf2da3deb0ec05a3b1570454d1e7110ca4
                                    • Instruction ID: 7f31710b2c77b136c7ed9a31e8e28cfe27d1eb827089196bab4d56f57f1da980
                                    • Opcode Fuzzy Hash: 44942a69da1e953e2c623b68496d91bf2da3deb0ec05a3b1570454d1e7110ca4
                                    • Instruction Fuzzy Hash: 2C314860B05244AFDB19EF76A41466E7FE6EBC6240F1444AFE845CB691DE30AC0587B2
                                    Function 04D10848 Relevance: .1, Instructions: 106COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6b22ab782a26c156fb3f195ed49fa93048ba4b83046af3b8dfb2687e1090296
                                    • Instruction ID: 89659b05ec12134980f1cea290fca301d169d5ac38684979958d21293175d50a
                                    • Opcode Fuzzy Hash: c6b22ab782a26c156fb3f195ed49fa93048ba4b83046af3b8dfb2687e1090296
                                    • Instruction Fuzzy Hash: 3C312036700210ABE706BF68D85027F3AA7EB88301F048026E905DB2A1DF38DC8287E1
                                    Function 06BE9810 Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 958b816cbc1688c7ce70a253b24ad0acae72bab45748373f57d2af7c5d4700e4
                                    • Instruction ID: c782fc790b1ba9514f9046316016bef3c7b9633586486a84cb00aef234ced5f1
                                    • Opcode Fuzzy Hash: 958b816cbc1688c7ce70a253b24ad0acae72bab45748373f57d2af7c5d4700e4
                                    • Instruction Fuzzy Hash: 7F411271E05218DFEB21AFA5D9948ADBFB2FF84300F214198D4457B25ACB3189A1CF45
                                    Function 06BE7131 Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a3b6633902b94e2b4fb7ccfa0721b17f8a43d78178defb6fdf1723f90de79fda
                                    • Instruction ID: 5655f0ca489d47245f0726f573f02dc13b172e9250170fe2b58beecd4bb49df7
                                    • Opcode Fuzzy Hash: a3b6633902b94e2b4fb7ccfa0721b17f8a43d78178defb6fdf1723f90de79fda
                                    • Instruction Fuzzy Hash: AC415F31D20609DFCB00EFA8E8549DDBBB1FF59301F108169E945BB250EF30AA98CB91
                                    Function 04D16CF8 Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bfe1a248267da1d5b08099a8e575126d2467799a8c250fa9e3c6139177ae9699
                                    • Instruction ID: c9c5d25a567aed4ce8b3d1b057a5e6496fa4d8a51bf190a64cc1ee50eec9538a
                                    • Opcode Fuzzy Hash: bfe1a248267da1d5b08099a8e575126d2467799a8c250fa9e3c6139177ae9699
                                    • Instruction Fuzzy Hash: F331E534A00209EFDB05AFA5D46499EBBB6FFC9300F14855AE902AB354EF74AC44CF91
                                    Function 06BECF88 Relevance: .1, Instructions: 103COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1eea5a8607bbdf8020b31d0d38168e161bd4d82e3f6a73eaf5fb0f720a2c8b3a
                                    • Instruction ID: 6e28e77a1bd258bc10763388e0084954217eab13c5b44fbaf411b643e8e336aa
                                    • Opcode Fuzzy Hash: 1eea5a8607bbdf8020b31d0d38168e161bd4d82e3f6a73eaf5fb0f720a2c8b3a
                                    • Instruction Fuzzy Hash: 4241A730E002199FDB18DFA4D4947ADBBB6EF88300F548969E506EB390EFB49D46CB51
                                    Function 04D10B94 Relevance: .1, Instructions: 102COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 60be2285d9720e55b5a160afc3ffefb3136aca566e7a6bade51970f69af77d08
                                    • Instruction ID: 066c4185cd3b9cf80ab568280d26aae47f6c806690e8d4e18202ed6170c60fae
                                    • Opcode Fuzzy Hash: 60be2285d9720e55b5a160afc3ffefb3136aca566e7a6bade51970f69af77d08
                                    • Instruction Fuzzy Hash: 1C41D2B1D01649DFEB21DFA9C5846CDBBB5FF48304F24802AD408BB251D775AA8ACF90
                                    Function 04D1A110 Relevance: .1, Instructions: 100COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ac774e078c496284d1b97962c2cb2144b31174378fa9c2a9345537b638d86a6
                                    • Instruction ID: d0ccbf508637de3a87699f7db0d4c8d6d51c86d65881d300e03cbde039527370
                                    • Opcode Fuzzy Hash: 7ac774e078c496284d1b97962c2cb2144b31174378fa9c2a9345537b638d86a6
                                    • Instruction Fuzzy Hash: 15314530B052409FD705EB78E8505AE7BF3FFC5200B1884AAC445DB3A1CE34EC468BA0
                                    Function 04D10654 Relevance: .1, Instructions: 99COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 28dc38815b80e001339996ae71ec221d0c2cb971f25cd4d934d06884098551a4
                                    • Instruction ID: 430ae1076b18d50933b13aefcfe811715364f99848ae20db080590a63f580b2d
                                    • Opcode Fuzzy Hash: 28dc38815b80e001339996ae71ec221d0c2cb971f25cd4d934d06884098551a4
                                    • Instruction Fuzzy Hash: B741E2B1D01649DBDB21DF99C584ADDBBB5BF48304F24801AD408BB250D775A985CF90
                                    Function 06BE1C61 Relevance: .1, Instructions: 99COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2925bcf404a1c0fbf465fbc64df6119f7dad193781dfda9df6f98ee935bda32c
                                    • Instruction ID: 2d80cca9e9369224a979b4c717cb3879bde2a5e681e61504d3558d5ad6a61b9a
                                    • Opcode Fuzzy Hash: 2925bcf404a1c0fbf465fbc64df6119f7dad193781dfda9df6f98ee935bda32c
                                    • Instruction Fuzzy Hash: A1316D75A001099FDB05DFA4C994AEE7BF2EF89304F2480A9E905AB365DB35ED05CF90
                                    Function 06D3AB88 Relevance: .1, Instructions: 96COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 797f7ce08c4a3b1e2d64f48e4bb2a171939e1e3b875ab4b3e4a5fab9b05bf9e0
                                    • Instruction ID: 75fe5f4371b21236228012d7055216d5fec0aca6cc0d601b20d73141e227760e
                                    • Opcode Fuzzy Hash: 797f7ce08c4a3b1e2d64f48e4bb2a171939e1e3b875ab4b3e4a5fab9b05bf9e0
                                    • Instruction Fuzzy Hash: B7312734F05268DFD7608F59C845B2ABBB2BB46745F28807AE5858F396CA72C841CB91
                                    Function 06BECE20 Relevance: .1, Instructions: 96COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a6d87055c17ac5ae5f9537b32291da58e773aeedb25dccc1b2aa62a961afba64
                                    • Instruction ID: 1ed07cda1b284f93ce4f99797035fca873c76e1207a88838eb95fab9960ae23a
                                    • Opcode Fuzzy Hash: a6d87055c17ac5ae5f9537b32291da58e773aeedb25dccc1b2aa62a961afba64
                                    • Instruction Fuzzy Hash: D4316B357006408FD744EB3AD894A6ABFE6BF8971071584EDE14ACB366DB34EC05CB60
                                    Function 04D16648 Relevance: .1, Instructions: 95COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 810c0435b0f9a6d7945b3e788f2a7e0a89f6084d0905a05a0599adbc9e617edd
                                    • Instruction ID: eca77b4c3c18db06286cd9ee95a33f0898416491eec39976f151a3e2998d95cb
                                    • Opcode Fuzzy Hash: 810c0435b0f9a6d7945b3e788f2a7e0a89f6084d0905a05a0599adbc9e617edd
                                    • Instruction Fuzzy Hash: 1141A2B0D10359DFDB14CF9AD884A9EFBB5BF88710F24812AE418BB264D7746845CF91
                                    Function 06BEDAF0 Relevance: .1, Instructions: 94COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2d1f3cfe947e0be0c5a62fc77bdfdef676a5d32efad22437080831064dc13d76
                                    • Instruction ID: 331aea6bb4d670cbd87caf51350471f7f6b4b44d24bf764162862af178ea0b78
                                    • Opcode Fuzzy Hash: 2d1f3cfe947e0be0c5a62fc77bdfdef676a5d32efad22437080831064dc13d76
                                    • Instruction Fuzzy Hash: BB316AB4F00A019B9B64DF7A889097BFBF6EFC8200704CA29D51997340EB70ED018BA1
                                    Function 06BED3D0 Relevance: .1, Instructions: 94COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5ee212034b743e7cdf9541152fbbcca4392325920d7d3b9823c7fd8b2e372f0d
                                    • Instruction ID: 231636ae7d54cfb47885eb842bfc9f9aeb7b9128685a593b39ce53625558bd3f
                                    • Opcode Fuzzy Hash: 5ee212034b743e7cdf9541152fbbcca4392325920d7d3b9823c7fd8b2e372f0d
                                    • Instruction Fuzzy Hash: 2E4126B1D01248DFEB54DFA9D444BDEBBF5EF88310F20806AE419A7290C7756845CF90
                                    Function 04D12708 Relevance: .1, Instructions: 93COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c5bccc66dcf5dc5e32ac9eb54477ca80cd6631efbf600901d742eb5d500c4e34
                                    • Instruction ID: 9d9adad5b0f29ea0f35c151bb3723718dab3d7f8f2d68d9ff7af782c73b1ae4f
                                    • Opcode Fuzzy Hash: c5bccc66dcf5dc5e32ac9eb54477ca80cd6631efbf600901d742eb5d500c4e34
                                    • Instruction Fuzzy Hash: 3131D631B05510ABD715AF25A01162F77A7BFC8700B1881AAD815A7794CF35BC42C7E1
                                    Function 06D34D08 Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3ac9cf824bc65ce451fc6439aaa54048ad539b144b691488e1ab8804876482c
                                    • Instruction ID: c7975084027339193335c3cc44a1ec181cff55666985286e4825e9f8f8b6b2c5
                                    • Opcode Fuzzy Hash: e3ac9cf824bc65ce451fc6439aaa54048ad539b144b691488e1ab8804876482c
                                    • Instruction Fuzzy Hash: CA214331A083349FE7649B69B84037A7BF2FBC4351F04486BE589CB284DF799C0187A1
                                    Function 06D33D08 Relevance: .1, Instructions: 90COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8812a3ecd2d408124b3f4c5cc759f6ce97830b229348df032b1314d6d3b7c294
                                    • Instruction ID: eedcae0df792c93b5fd9c309da5e55f7926f0396afaff007342d21cbbac9f3c4
                                    • Opcode Fuzzy Hash: 8812a3ecd2d408124b3f4c5cc759f6ce97830b229348df032b1314d6d3b7c294
                                    • Instruction Fuzzy Hash: 7631E730E043A9CFD7949FA9DA4027ABBF5FB85240F068A67D195DB241D774C940CBD1
                                    Function 04D15F21 Relevance: .1, Instructions: 89COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 627b7d0761551ba050aa05f7ae985856483b8da829ac5cda936c6670cd4210b6
                                    • Instruction ID: 992f7b73001e7669a8d7d4afc126d79fac7db8c9b3924732469cf422742ff32e
                                    • Opcode Fuzzy Hash: 627b7d0761551ba050aa05f7ae985856483b8da829ac5cda936c6670cd4210b6
                                    • Instruction Fuzzy Hash: 29318E357006508FCB05DB28E8A88AD7BF2EF8A70431540EAE502CB3B2DA75EC46CB50
                                    Function 06D373A0 Relevance: .1, Instructions: 88COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 562a4b0178ebac08a361e18104e1a749c74814020fb61c2c6284b42744fc622a
                                    • Instruction ID: 2f95f80fdd1d4eb561a064ce2db291c24226ec39a2e8c0633a2f2b12e11280c4
                                    • Opcode Fuzzy Hash: 562a4b0178ebac08a361e18104e1a749c74814020fb61c2c6284b42744fc622a
                                    • Instruction Fuzzy Hash: E821ABB0B016158FCB46EF7998589BF7BB6EBC5210715892AE41AD7340EF349D018771
                                    Function 06BE2ACC Relevance: .1, Instructions: 88COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8125d11bbf691b36decd7ea98f32d1d8f5764c10320cb10b9ea0f610e4f3827d
                                    • Instruction ID: 6b2e3749b4012a81491af5c62060aad5f30bb1381b22e6f93942d86e667cf0b7
                                    • Opcode Fuzzy Hash: 8125d11bbf691b36decd7ea98f32d1d8f5764c10320cb10b9ea0f610e4f3827d
                                    • Instruction Fuzzy Hash: 51311A75E20619DFDB04DF68D894DACB7F5FF88700B1141A9E916AB361D730E840CB50
                                    Function 04D1682C Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cec17a95dff95ebad78d562f229298d765fa08d4adaa29202ac86650f3c2361a
                                    • Instruction ID: 008d3c4238087bf7c123ba331ac1d659c4ffc359d85cbda3c7cbce8beafce88c
                                    • Opcode Fuzzy Hash: cec17a95dff95ebad78d562f229298d765fa08d4adaa29202ac86650f3c2361a
                                    • Instruction Fuzzy Hash: 3D316BB1E003089FDB10DFA9D4846DEFBF5EB88310F14846AE948E3350D774A945CBA5
                                    Function 06D32327 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 38e5c02716f92ae0be90e18da0fb1ef4537dd110cc9a92927c134bf60656444a
                                    • Instruction ID: 49569c0d5f16683287c7b87189fe12636ddc11679f23b99aaffe643914ef85b0
                                    • Opcode Fuzzy Hash: 38e5c02716f92ae0be90e18da0fb1ef4537dd110cc9a92927c134bf60656444a
                                    • Instruction Fuzzy Hash: C021E85241D7E15EE703BB3898713D63F609F93254F0A44DBC1C48A1B3E918888AE7AA
                                    Function 06D3AB78 Relevance: .1, Instructions: 86COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ed9f0adbfc608061273c2f4fed950a8f551aa4a2dae54298df801519ab742989
                                    • Instruction ID: 6d4aaf9ed02f7b8b750a9bad16fcb6081a8a5875593160069c98863db64d1895
                                    • Opcode Fuzzy Hash: ed9f0adbfc608061273c2f4fed950a8f551aa4a2dae54298df801519ab742989
                                    • Instruction Fuzzy Hash: 25312430F05364CFD7608F54C885B69BBB2EB42345F6981AAE4868F396C772C801CB91
                                    Function 06BE2868 Relevance: .1, Instructions: 86COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0d2e51bfde8d729ae925fd0a07351f26e2cd02c37b6a54bf61b83269ba2d176
                                    • Instruction ID: 63dff15684e80d9b0d3c8470dfb22f522ef8e507632a5781007de5bdb4d9589e
                                    • Opcode Fuzzy Hash: b0d2e51bfde8d729ae925fd0a07351f26e2cd02c37b6a54bf61b83269ba2d176
                                    • Instruction Fuzzy Hash: DE219D7AB102118FDB58EB29D41496E37EAEFC962471550FAD909CB361EF31ED01CBA0
                                    Function 06BE0170 Relevance: .1, Instructions: 85COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 86dcf494f9afc1eb2322a211ec1247801bca2a0f377e6936b61a3c3ed459b83e
                                    • Instruction ID: 9acae0f2e5332eaec7607d16eb9341fd80b75f8dcfd7a5c1e90c698824d5a54c
                                    • Opcode Fuzzy Hash: 86dcf494f9afc1eb2322a211ec1247801bca2a0f377e6936b61a3c3ed459b83e
                                    • Instruction Fuzzy Hash: 8F3169716006018FDB64EB64D884B59B3F2FF89314F14D5A9E4498B265DBB0EC86CB90
                                    Function 06D37370 Relevance: .1, Instructions: 84COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4ca09e97b1a91224b20872ed575e6833b4d4949ad1c2f9a24e8e8410eddc5711
                                    • Instruction ID: 7ca6dad7c2b9145ea6fcac7457ff717efe81edca2c46825b07538c138532f38d
                                    • Opcode Fuzzy Hash: 4ca09e97b1a91224b20872ed575e6833b4d4949ad1c2f9a24e8e8410eddc5711
                                    • Instruction Fuzzy Hash: D3213170A047A64FC746EB788C508BF7FB6EFC6220314896AD069CB242DA3098098771
                                    Function 06D3A064 Relevance: .1, Instructions: 84COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 94275f54a643123eac93a469511057f05824192f134f3bfa09c3d66a80f27062
                                    • Instruction ID: db3379051be023442f0517cd00d5113b9112103c9bee5ec4db4d223b4a0272e8
                                    • Opcode Fuzzy Hash: 94275f54a643123eac93a469511057f05824192f134f3bfa09c3d66a80f27062
                                    • Instruction Fuzzy Hash: 7931CD31E09535CED7888B7AC8102B9F7B2BB85311F0CC267F0E68A2C5D379C591DA91
                                    Function 06D3ACE8 Relevance: .1, Instructions: 84COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b1a87bb08fa3a64c0b74fe654175e6eb7425f8abce7067c25e1f37cc891e5fce
                                    • Instruction ID: 78ca7d76c8fe3c801314b2a9826852128b597222797fdf37c8e84acffbe873b6
                                    • Opcode Fuzzy Hash: b1a87bb08fa3a64c0b74fe654175e6eb7425f8abce7067c25e1f37cc891e5fce
                                    • Instruction Fuzzy Hash: 8831B130B04634CFD790CB69E8406BAB7F1FBC4212F58812AE9E6DB295EB74D941CB51
                                    Function 06BEBE62 Relevance: .1, Instructions: 84COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 388f1fe543c5401553108104d0eac2e130350f165031445096e118d5dd61d2b2
                                    • Instruction ID: 926ce519716c1528a6daaebc4959008fd77a55b1062ef9e3d7ea240df4d79cc6
                                    • Opcode Fuzzy Hash: 388f1fe543c5401553108104d0eac2e130350f165031445096e118d5dd61d2b2
                                    • Instruction Fuzzy Hash: 282179317146819FDB56933898946BE3FE5DF86210B0800EBE246CB3A2CF148C07C7A0
                                    Function 06BE7460 Relevance: .1, Instructions: 84COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d2a268bb97d4e3dd58403edb8a6ee77e56b369230f756848071b82387179e4a6
                                    • Instruction ID: 677fde4c2686e9f9aa160bbf4daf8ebf0caf1dec80b31cac4954362e1f5e6e9a
                                    • Opcode Fuzzy Hash: d2a268bb97d4e3dd58403edb8a6ee77e56b369230f756848071b82387179e4a6
                                    • Instruction Fuzzy Hash: 9F31F574A10209DFDB14EF64C854AEDBBB2FF89300F048569E502AB364EF719989CF90
                                    Function 04D1CC38 Relevance: .1, Instructions: 83COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 47c98be4236f6bb5853dc3a0c6e9ca03145171f9dd4f932ada7ae8922fa9bc34
                                    • Instruction ID: 8662094bf1475be70dc6e7235ac91a370ffc283d00a6d690289fb869345834ed
                                    • Opcode Fuzzy Hash: 47c98be4236f6bb5853dc3a0c6e9ca03145171f9dd4f932ada7ae8922fa9bc34
                                    • Instruction Fuzzy Hash: E1312975760B41ABD735CF38E481756B7F2FB45A40F140E2AE8A6CB621D770F8058B91
                                    Function 06D33A76 Relevance: .1, Instructions: 83COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0a858d71ac68e9e9a6b290cd1fe79dabfe377a5b1734036730f538e391d3ef5a
                                    • Instruction ID: 8d0c6fb02f8da2ba173d13ff6fbc6bc68af2304cbea8305e4cb12694d7c54863
                                    • Opcode Fuzzy Hash: 0a858d71ac68e9e9a6b290cd1fe79dabfe377a5b1734036730f538e391d3ef5a
                                    • Instruction Fuzzy Hash: 5B31AE30A149A5CFDB54CF68CA80ABEF3F1FB44341F468166E4A6CB295E334D980CB55
                                    Function 06BE9F50 Relevance: .1, Instructions: 83COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 79f85d080ed86cb938e0439efa2904401f5376abbb91414bdf43abe097c80876
                                    • Instruction ID: 776e4b025d0f3570219a6ffef5cb8c72ba7ef4c6018c8b29e23902cdf54ff5c7
                                    • Opcode Fuzzy Hash: 79f85d080ed86cb938e0439efa2904401f5376abbb91414bdf43abe097c80876
                                    • Instruction Fuzzy Hash: 99217C71B101168FD750EF79C9889AAB7F9FF89700B1541AAE505DB321EB30E904CBA1
                                    Function 06BEEC82 Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8fd36863085072b707a750f56af7f4255bf964d2fe40d3ba955caaacdced59f6
                                    • Instruction ID: 0c5000cf37dbea7f449ee367718f321653a4e6d19dd7b05a5d5bb66b6d987a51
                                    • Opcode Fuzzy Hash: 8fd36863085072b707a750f56af7f4255bf964d2fe40d3ba955caaacdced59f6
                                    • Instruction Fuzzy Hash: AF21F57BB106144FEB248E25C88167EB7E7EBC4324F2884A9D147D3794C734E942C761
                                    Function 06BED3C4 Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d2634f264fa0e2d0aed02be0aef3e5ca047710f4a354f39d8a5355b047716069
                                    • Instruction ID: a5606102dfc6ad8f36020fc9006c26b44909da30056b23802671b2f597da471e
                                    • Opcode Fuzzy Hash: d2634f264fa0e2d0aed02be0aef3e5ca047710f4a354f39d8a5355b047716069
                                    • Instruction Fuzzy Hash: 013115B1D012489FEB54DFA9D584BDEBBF5EF88700F24806AE019AB290C7755849CF54
                                    Function 06BE832C Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f214c1d4604ecf240a2fce0231fbac5e37385a382a6b33fb0a2a3cddfab9df86
                                    • Instruction ID: cebfec22acff85698d66b446d4a0a9ecb079a6f481c1c97fc51ba11a004d27b9
                                    • Opcode Fuzzy Hash: f214c1d4604ecf240a2fce0231fbac5e37385a382a6b33fb0a2a3cddfab9df86
                                    • Instruction Fuzzy Hash: 8721D0B0E14216DFDBA57F75C8841AABBB0EF41300F6049AAC446A7285FB31D96CCAD1
                                    Function 06BEB879 Relevance: .1, Instructions: 80COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: de26982973cbc4cd4d328248f84395f4975eca5a5596c555416e5a57c5087c85
                                    • Instruction ID: 597fb8cb20c0aa481c880a1f8eaf0d8aa8abb0379ef207fc4035bd0b4ec225cb
                                    • Opcode Fuzzy Hash: de26982973cbc4cd4d328248f84395f4975eca5a5596c555416e5a57c5087c85
                                    • Instruction Fuzzy Hash: FA219F71B105158FC750EF79C9489AABBFAFF89300B1541AAE905DB371EB30D904CBA1
                                    Function 04D17F70 Relevance: .1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ddda4080b7b821bd4dad510ee0c367bd3a9401b5414e8307adbadb59cf4f9076
                                    • Instruction ID: 27f46cae7259d9245acf5f541263cf4b77e75b3d436ba025d49e64a2019a917d
                                    • Opcode Fuzzy Hash: ddda4080b7b821bd4dad510ee0c367bd3a9401b5414e8307adbadb59cf4f9076
                                    • Instruction Fuzzy Hash: CE317C75A10248EFDF04DFA4E884ADDBBF1FF48300F1480AAE505AB261DB75E945DB60
                                    Function 06D33CF8 Relevance: .1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d09e5a667f069b332611714a54c981bda035acef2c8d6db0fe58b83f092e0d67
                                    • Instruction ID: 22863e4503b946ff8ecb268b4c7e801dd9eefc3d0c8599af4fea72219c4e2b20
                                    • Opcode Fuzzy Hash: d09e5a667f069b332611714a54c981bda035acef2c8d6db0fe58b83f092e0d67
                                    • Instruction Fuzzy Hash: 9321D331E042A9CFD7808FA9EA403BABBB5FB84240F068A66D155DB245D374C940CBD1
                                    Function 06BEEC90 Relevance: .1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7fc637f28d809d5d52e06eec7616678ad2766247dfc82d9bf4162b4a0fa7321b
                                    • Instruction ID: ebe01e249c824cbec25d23559e8a900b6349012cd29a3bdcc1ee961d59dff736
                                    • Opcode Fuzzy Hash: 7fc637f28d809d5d52e06eec7616678ad2766247dfc82d9bf4162b4a0fa7321b
                                    • Instruction Fuzzy Hash: 0421D17AB106104FEB248A25C88167EB7EAEBC4224F2884A9D147D3794C734E981CB61
                                    Function 04D1A517 Relevance: .1, Instructions: 78COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9542eade1a976674d1e5bb790b33b08f94ad89f851f60f088ae0c8f5fbd4098a
                                    • Instruction ID: 454c0297d6087f5807928c25a6c4eec7e15a59cfbbb0aebdefdb16e384850ddf
                                    • Opcode Fuzzy Hash: 9542eade1a976674d1e5bb790b33b08f94ad89f851f60f088ae0c8f5fbd4098a
                                    • Instruction Fuzzy Hash: 3B214A303052019FE715DB29E458A2A77F6FF85715B2480AEE906CB3B1EB72EC46CB50
                                    Function 04D10838 Relevance: .1, Instructions: 78COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25d4f1253aa44c6485f7e21de49c5ce906f55327e78f16cb3ce0e604dc347e33
                                    • Instruction ID: 559f2fa83934f8b62db8bf945c874f6f85f5acb823f79b1eec90850f6a8c9836
                                    • Opcode Fuzzy Hash: 25d4f1253aa44c6485f7e21de49c5ce906f55327e78f16cb3ce0e604dc347e33
                                    • Instruction Fuzzy Hash: 5A214836600520ABE702BF68E44067FBBA7FB89311F048415ED05E76A1DB34DC82C7E1
                                    Function 06D38DD2 Relevance: .1, Instructions: 77COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72d44990d79ff3916c6f18e9d05ae0cadf39ddd7b814fdc8d62984d2aeee31f2
                                    • Instruction ID: 6df9b2d4c1206290139c4bce6051365b818a245cae74d951d7c60bfac1edfb42
                                    • Opcode Fuzzy Hash: 72d44990d79ff3916c6f18e9d05ae0cadf39ddd7b814fdc8d62984d2aeee31f2
                                    • Instruction Fuzzy Hash: D3213671A0D3C46FDB479764CC508EA7FB5CF03110B1940EBE484CB1A3D6215D06E765
                                    Function 06D37A34 Relevance: .1, Instructions: 77COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 17d380131a4d6ba9bbf53309fd02204bd397079a448afe3fd73191a355727bf2
                                    • Instruction ID: 1230e7ed704abe1b8564e5d2fdfb85cddd19875ee02704240e8a0010e96ebb0d
                                    • Opcode Fuzzy Hash: 17d380131a4d6ba9bbf53309fd02204bd397079a448afe3fd73191a355727bf2
                                    • Instruction Fuzzy Hash: 4631F2B4D01228DFDB60CFA9D984BDEBBF5EB48314F24846AE418BB250C3759945CFA4
                                    Function 04D1D0C7 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f19f2d627e028c561df8e9b17af7f5df7f390495805ea0c4a440dd51065d8513
                                    • Instruction ID: 210067fd0ea06219cd11d1386c60b7e27ea1694febf92abd3b7e7ae2fe8d7ea7
                                    • Opcode Fuzzy Hash: f19f2d627e028c561df8e9b17af7f5df7f390495805ea0c4a440dd51065d8513
                                    • Instruction Fuzzy Hash: E231E9302097C28FE7229B38D8507967FA2AF43304F04899ED5D98F2E3D7B5640AC792
                                    Function 04D1D1F1 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 53f2a85a7d7d5fda7f4b699c91c553edd33a7adbd9d8c4f77201c76837d83d38
                                    • Instruction ID: 8f08b3e4821b5296fae5acbe16f48cad26d896bf8723e76af053a457bb5ff2ed
                                    • Opcode Fuzzy Hash: 53f2a85a7d7d5fda7f4b699c91c553edd33a7adbd9d8c4f77201c76837d83d38
                                    • Instruction Fuzzy Hash: E631AD30E10719AFDB01DB68D4549AEFBB5FF85304F01815AE916AB260EB30BD49CB90
                                    Function 04D1CC48 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8712a5adfb725f024495ab8d0dc45b29d99b9d4ef4891ecfce316d76fdc3028
                                    • Instruction ID: 414f59f7b3985469463f6977b8d5f4c106c8719891b07d38c51809d22d2fff71
                                    • Opcode Fuzzy Hash: c8712a5adfb725f024495ab8d0dc45b29d99b9d4ef4891ecfce316d76fdc3028
                                    • Instruction Fuzzy Hash: 5B21B571760B41ABD734CF38E482716B7E2FB45650F140E29E8AACB620D770F8158B91
                                    Function 06BEDAE2 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b7f4cb5c92fbc603719e4f50ef43cfa5e77469ce5b26e0c7e4328982f6aa2906
                                    • Instruction ID: 3b1c13a55fb7f3a811d9e0f12395255b7c167ea2a2b96895cadcdcb8bbe0c1b0
                                    • Opcode Fuzzy Hash: b7f4cb5c92fbc603719e4f50ef43cfa5e77469ce5b26e0c7e4328982f6aa2906
                                    • Instruction Fuzzy Hash: 9C213AB5F00A059B9764DF7A888096BFBFAEFC8610714C929D519D7300EB30AD158BA1
                                    Function 06BEC2D0 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 946bcf001bd8d411451061923303de77f8f453e4ed645e75f81667a72204c72e
                                    • Instruction ID: 0c698b38f665c9910f62d07efe1363dfd07e7f2f3e22a18db6e19a4fcdb68c48
                                    • Opcode Fuzzy Hash: 946bcf001bd8d411451061923303de77f8f453e4ed645e75f81667a72204c72e
                                    • Instruction Fuzzy Hash: D1218E75E006198FCB50EB78C4546AEBBF0EF88310F0041AAD819E7350EB309941CB91
                                    Function 0243D4C4 Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 49c754e2b3ce561846622084d53629e9569be542a9b027d4964487b3b8009d74
                                    • Instruction ID: 9a777e79d8182184dd72adb732af8075ab8cbcfa9e99d1391ad2ae3174dfd0a8
                                    • Opcode Fuzzy Hash: 49c754e2b3ce561846622084d53629e9569be542a9b027d4964487b3b8009d74
                                    • Instruction Fuzzy Hash: DC21D372904244EFDB06DF14D9C0B27BF65FB88328F24C56AE9090B256C336D456CAA1
                                    Function 0243D3D8 Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 600ef91b331614c89bb9f5385570e77fc6cb652709d415378ebf8a0a99eb8313
                                    • Instruction ID: b43b279c6bc923257014048c53b6d9abed512e6078e17ace8997f2219938e048
                                    • Opcode Fuzzy Hash: 600ef91b331614c89bb9f5385570e77fc6cb652709d415378ebf8a0a99eb8313
                                    • Instruction Fuzzy Hash: 7221F571904204DFDB0ADF14D9C0B17BB65FB98324F24C56EE90A4B356C336E496CBA1
                                    Function 04D1D43A Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1ef95d4168c9f2f7cb9114896aae9d1a0caf173c7eb93b024901558cf9892cea
                                    • Instruction ID: 5da5e38341d149a0b6d888fa243ff49ba3570fd3eb08e6e9d025ce0352f49c81
                                    • Opcode Fuzzy Hash: 1ef95d4168c9f2f7cb9114896aae9d1a0caf173c7eb93b024901558cf9892cea
                                    • Instruction Fuzzy Hash: 91212435E04245EBDB15AF64E8147EEBBB6EF89311F14803AD84277254DB34B984CFA0
                                    Function 06BED50C Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d9191a724bb3e6c79bcfe0b95a04badff6bc3a475d7ef2d6987beecd4186fbc7
                                    • Instruction ID: c618d3c47da6906cf7aa49684c2df06a6985b46f69d1bb7bdbac05d16e24ad93
                                    • Opcode Fuzzy Hash: d9191a724bb3e6c79bcfe0b95a04badff6bc3a475d7ef2d6987beecd4186fbc7
                                    • Instruction Fuzzy Hash: FA2171B0D00209DEEB55CF99C4487EEBAF1EF88314F2495AAE418AB290C7B49944CB94
                                    Function 0244D1D4 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095522857.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_244d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e61b75d01801e467ff7e081c3b595053599fac66bbb8c0bfa9154ea36bb60099
                                    • Instruction ID: 2fae7f7f28b61d9cf13e17ccc1708144cefadcd58f28bd3d80d7403d6dd48729
                                    • Opcode Fuzzy Hash: e61b75d01801e467ff7e081c3b595053599fac66bbb8c0bfa9154ea36bb60099
                                    • Instruction Fuzzy Hash: D421D471A04204EFEB05DF14D9C4B26BBA5FB88314F24C66EED094F392CB76D446CA61
                                    Function 0244D01C Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095522857.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_244d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 59d455a9cfa385e3f35295e1c1cbee3d330ef196885c3dd8d062d21f8b0180bd
                                    • Instruction ID: f4b47b2f4bb5d61df9a5622b2f97ee5bb4766169eb5d119fe5296e73658f62eb
                                    • Opcode Fuzzy Hash: 59d455a9cfa385e3f35295e1c1cbee3d330ef196885c3dd8d062d21f8b0180bd
                                    • Instruction Fuzzy Hash: BE210471A04204DFEB14DF14D9C4B16BBA5FB84318F20C56ED90A4B396CB7AE447CE61
                                    Function 04D129EC Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ba115fb20672d26439f0a5ab568743118b52d2f5bd78c4d6cb32e84ef83ea05
                                    • Instruction ID: 4653c56040470c52d547ad97e43f02b766df8b2a630c84135847f9bf9485d3e3
                                    • Opcode Fuzzy Hash: 3ba115fb20672d26439f0a5ab568743118b52d2f5bd78c4d6cb32e84ef83ea05
                                    • Instruction Fuzzy Hash: 20216D75700254ABCB24DF19E580A6B77A7FBC8B21F10452EE90687760CB71F841CB60
                                    Function 06D3626A Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f9cdf22e5d53fd574aa9bf5ca94b35f491b4b49874002bdee0c00530fdec9f72
                                    • Instruction ID: 8e64b859ab1fb8edf1435ce30d70515f8b55300e816c68379cd60b87c85c88e9
                                    • Opcode Fuzzy Hash: f9cdf22e5d53fd574aa9bf5ca94b35f491b4b49874002bdee0c00530fdec9f72
                                    • Instruction Fuzzy Hash: 2421F934E04175EFEBA08FA8D9407BABBB1EB85350F058523EAA5DB291D734D5018B91
                                    Function 06BE5878 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ed3ce4f8a4865844c4653c70360dc0df785ee3f5cdf5c46a6962e9aef85eb13e
                                    • Instruction ID: e1e6b297edcc64f1a4c79f751ed1e53f0bda3087502c238a624045b23f258950
                                    • Opcode Fuzzy Hash: ed3ce4f8a4865844c4653c70360dc0df785ee3f5cdf5c46a6962e9aef85eb13e
                                    • Instruction Fuzzy Hash: 87210431A00215EFDB15EF65D8406AAF7B2FF84316F10C069D8195B350EB31E990CB90
                                    Function 06BEF970 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3f4f36421b6fe19dfccc6a6c6932ff1dcd871a23faf0e665fa2a9add9e757f9e
                                    • Instruction ID: bf9ccdd33787a4093478bfc89eccabf8b48fc1d7543acd20478066086680fce7
                                    • Opcode Fuzzy Hash: 3f4f36421b6fe19dfccc6a6c6932ff1dcd871a23faf0e665fa2a9add9e757f9e
                                    • Instruction Fuzzy Hash: FF21C3757007019BE374AF78941093A73ABEFC5308B1848ADC9428F794DF35E842C721
                                    Function 06BEBED1 Relevance: .1, Instructions: 68COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2142cda99a998727e9dea9301b0bf53c5e51090d9553c4aa283a45e78ab14ad5
                                    • Instruction ID: f7bab368d6f9f45de49b36662b7675e3ce951a75282ef6cc44c1f0c45c32a5b6
                                    • Opcode Fuzzy Hash: 2142cda99a998727e9dea9301b0bf53c5e51090d9553c4aa283a45e78ab14ad5
                                    • Instruction Fuzzy Hash: E6110371F106268BDBA1EFB9D8401BEB7B6EFC8710F04857AD515A7341DB3899018BC0
                                    Function 04D155A1 Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c897b2ff071dddaf4946184db51a7385fcd937518f4cba00ced37fd91d8ba8c
                                    • Instruction ID: 9e44dfa555de0b3d42fe13cc5b20c7f2b7152e6a1e94c0b47cb787869ad1900e
                                    • Opcode Fuzzy Hash: 4c897b2ff071dddaf4946184db51a7385fcd937518f4cba00ced37fd91d8ba8c
                                    • Instruction Fuzzy Hash: 90210E71E0020A9FCB05DFA9C8848EEFBF5FF98310B11865AE418E7211E774A956CB90
                                    Function 06D37540 Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 71ccb26c6fb85773d7b1f23a7326e69a167864d6a2a237320f30aecd9f207a57
                                    • Instruction ID: 24c38baa15791dbb3d9532b5f311066f5f05793fd9fa998ba5993ed5e6cbe4b9
                                    • Opcode Fuzzy Hash: 71ccb26c6fb85773d7b1f23a7326e69a167864d6a2a237320f30aecd9f207a57
                                    • Instruction Fuzzy Hash: C731F4B0D01628DFDB60CF99C988BDEBBF5EB48714F248459E408BB250C7759845CFA9
                                    Function 06D34A38 Relevance: .1, Instructions: 66COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 090cc60832904c020a9735fc793a4d418cb0122e96ec8b035253bc0c49ea9b2d
                                    • Instruction ID: 5e2efd709bb4bb51a677f4693b8c2c4b93a56cb11844f73d631a402f678a57ba
                                    • Opcode Fuzzy Hash: 090cc60832904c020a9735fc793a4d418cb0122e96ec8b035253bc0c49ea9b2d
                                    • Instruction Fuzzy Hash: D011E6706083549FF3529B18EC40F2ABBF8EB80715F00547BF19A8A285CA78DE01C799
                                    Function 04D10A98 Relevance: .1, Instructions: 65COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2248226b62429238f264bbd273159164805fdb227e31547f2867df380357cc87
                                    • Instruction ID: ed3ca295be2b98a25005fdfc85003cc59cbdbc7cd4e031c39ad8c8e300bcd4fb
                                    • Opcode Fuzzy Hash: 2248226b62429238f264bbd273159164805fdb227e31547f2867df380357cc87
                                    • Instruction Fuzzy Hash: 3F116A71B002058FDB11EF69D5549AFB7E6EF85704B0488A9E506EB7A0EF70EC048FA1
                                    Function 06D314E8 Relevance: .1, Instructions: 65COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 91def5c4adfd8c063229fd3587bcbb1201eb99d85b76f62fc1861edda6864d7b
                                    • Instruction ID: ee6232f34683c4150cc7d042d5c3840f5fbd4f9802ddf071e4c41e43bba14746
                                    • Opcode Fuzzy Hash: 91def5c4adfd8c063229fd3587bcbb1201eb99d85b76f62fc1861edda6864d7b
                                    • Instruction Fuzzy Hash: CD112231A045378ADB548B69CC102BAB6F5FB80361F448A26E0B7C62D0D738C441C754
                                    Function 06BE831C Relevance: .1, Instructions: 65COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 06b4751d4f16015e9f4464e1df09754838fcd0b1c9c562656c4bdece274b141b
                                    • Instruction ID: f8ef320a906727a49f412219243d8ab25ae66e991f92059fea4545decbd63961
                                    • Opcode Fuzzy Hash: 06b4751d4f16015e9f4464e1df09754838fcd0b1c9c562656c4bdece274b141b
                                    • Instruction Fuzzy Hash: CF1191B2F05106EFCB917AA4D9445EEBFB0EB80345B614CE6D199B2194E7308A398BD4
                                    Function 06BE1480 Relevance: .1, Instructions: 64COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf11e43c43b295ec2dcd3bf0d09bcc2d932f8d5083ddee99c8e9f089c9541550
                                    • Instruction ID: 8b7cd14a616d9fe2587e7b4de445654f85c6fe23eaeb0e441004c2951c2accaf
                                    • Opcode Fuzzy Hash: bf11e43c43b295ec2dcd3bf0d09bcc2d932f8d5083ddee99c8e9f089c9541550
                                    • Instruction Fuzzy Hash: D71129717017108BC73A6B39941441A77B6EF862353244BBED06A8B7E0CB36D843CB44
                                    Function 04D14C8B Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 770267d1cbde3f519c2b6377a7b592bca21ad6a7510de208af346f2d31f41513
                                    • Instruction ID: 358da9fcb8eb9ab2794c18ec532e9c9970d30f6950a9c4fd056a8215ea053fb5
                                    • Opcode Fuzzy Hash: 770267d1cbde3f519c2b6377a7b592bca21ad6a7510de208af346f2d31f41513
                                    • Instruction Fuzzy Hash: B8116A75B00650AFCB24CF19E480EAA77B7BF88721F11452EE94687761CB31F841CB50
                                    Function 04D10D9E Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fee39cd3ef08feeae1a130262bc135bcb8c9c713169aaf8aea6fdbcedaa2cf24
                                    • Instruction ID: 16c0a11efcc89baa845bb78695566d9a93361eacefd3468b1c33a77d258821dc
                                    • Opcode Fuzzy Hash: fee39cd3ef08feeae1a130262bc135bcb8c9c713169aaf8aea6fdbcedaa2cf24
                                    • Instruction Fuzzy Hash: 79214D35A001199BCB00DF6AE8805BFBBB6FF85701B148426EC18EB215E734DD55CBA1
                                    Function 04D12A40 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93ee4dc2be2f9b65f3168552605dbeb763fa2b31d58ff755c4e605a2c0fd79d4
                                    • Instruction ID: b99565131b242ab847bf90d43f9331cd87b88296f3ee56cd555d3d82758f6a66
                                    • Opcode Fuzzy Hash: 93ee4dc2be2f9b65f3168552605dbeb763fa2b31d58ff755c4e605a2c0fd79d4
                                    • Instruction Fuzzy Hash: 6521ED71E1021A9FCB04DFADC8848AFFBF9FF98300B10851AE515E7214E774A956CB90
                                    Function 06D34A28 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 90a7179bc4988c819b80c7ab83895f6242d966580127bc2c82cacaaaaa4f5ad3
                                    • Instruction ID: b63adc21a21b9851ea381eebd1cd153efeee24b332f23bf066c8db26040796b6
                                    • Opcode Fuzzy Hash: 90a7179bc4988c819b80c7ab83895f6242d966580127bc2c82cacaaaaa4f5ad3
                                    • Instruction Fuzzy Hash: D91126706082109FF7528B18ED50F6A7BF8EB80315F0094BBF59A8A285C678DE00C795
                                    Function 06BE6298 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0300163d32425c90647fc1ab6afa918de81be99a5c59aeb190123e3943e5d07
                                    • Instruction ID: 248bd96eacd73c2cc000bb1b349f1ffd4e26bb9839dc8f9ce423e54d89a95ff3
                                    • Opcode Fuzzy Hash: b0300163d32425c90647fc1ab6afa918de81be99a5c59aeb190123e3943e5d07
                                    • Instruction Fuzzy Hash: 7921E0B1D013499FDB10CF9AD884ADEFBF4FB58310F24846EE519A7200D375A944CBA4
                                    Function 06BE6290 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eef075eb088bd58fca75a3fdc577db5720fdba9170283a81136aff7d4e0acadc
                                    • Instruction ID: 739b02303db7dd63442c1c0397b0a2d5835bc9a7d649c7a47d2b2660fa5c9747
                                    • Opcode Fuzzy Hash: eef075eb088bd58fca75a3fdc577db5720fdba9170283a81136aff7d4e0acadc
                                    • Instruction Fuzzy Hash: EE21DFB6D013099FDB10CF99D984ADEFBF4FB58310F24846AE919A7200D375A944CBA5
                                    Function 06BE7B00 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a8adf662f656f581ea05625066d4ffec5f54434bd3ac8fefe2d4b02dea82c953
                                    • Instruction ID: 9c24da1773e316354f307966c5e962676166767311bb2face992e595c96c4fcd
                                    • Opcode Fuzzy Hash: a8adf662f656f581ea05625066d4ffec5f54434bd3ac8fefe2d4b02dea82c953
                                    • Instruction Fuzzy Hash: 8F11DD72B006109FC751EB78DC4492E7BEAEF89614B1040BEE40ADB360EF31AC01CBA0
                                    Function 0244D006 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095522857.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_244d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8f28c0c10bd77859f234c97193fc19fdb99e515925a6caacc3ed40f41e741de3
                                    • Instruction ID: 5fb77191804d7193386bae0be11210db8ac25f562fd6aa680e127651468fc67d
                                    • Opcode Fuzzy Hash: 8f28c0c10bd77859f234c97193fc19fdb99e515925a6caacc3ed40f41e741de3
                                    • Instruction Fuzzy Hash: 5F215075509380CFDB16CF24D594716BF71EB46218F28C5DBD8498F6A7C33A940ACB62
                                    Function 04D10A91 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ef5aab79cf2480117ad932d94cda9f94fb9a8e9f03b2100be355ae80dd9b3534
                                    • Instruction ID: 2b705337e00c0abf3b94e2292dbd3d8fe64babdea5f00b0a6c851d662bbb6cd0
                                    • Opcode Fuzzy Hash: ef5aab79cf2480117ad932d94cda9f94fb9a8e9f03b2100be355ae80dd9b3534
                                    • Instruction Fuzzy Hash: 9511AC717002018FDB11EF69D4848AFBBF6EF85614B0088A9E506EB760EB70ED058F91
                                    Function 06D37881 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 80491f821bdb9df9e02d9d2aecc65f8d9561974d8c09b43d868a72827e71cfb1
                                    • Instruction ID: 4be9595f556eac1a0025891ecd3c7f43f2efffedf11c975361b8e9217d55b3c4
                                    • Opcode Fuzzy Hash: 80491f821bdb9df9e02d9d2aecc65f8d9561974d8c09b43d868a72827e71cfb1
                                    • Instruction Fuzzy Hash: 7111A0B5A006295B8B55EF799C405BFBBB7EFC4260724492EE469D7340EF309D018BB1
                                    Function 04D1C780 Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72cbccf20d71ac54e4574866964f8ebc363e4dc2625eebc42bd5180c3764472d
                                    • Instruction ID: 60d49d396ee632935d6dc5fef96c92081fa49cc831ae5466d0c6a7583e679b96
                                    • Opcode Fuzzy Hash: 72cbccf20d71ac54e4574866964f8ebc363e4dc2625eebc42bd5180c3764472d
                                    • Instruction Fuzzy Hash: C31123B17642409FE7159E34D88174B7BE7FBC9710F40882AC686DB2C0EBF0B8098B94
                                    Function 06BE7B10 Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8c5532784d7fbb89da37f8908bfd2f12d8603ab06fb154e19f7ab571e27e9df6
                                    • Instruction ID: d1cff62efd8d4e56ccccac6daf25083c8417e7dbf687da55028d2f85248c5425
                                    • Opcode Fuzzy Hash: 8c5532784d7fbb89da37f8908bfd2f12d8603ab06fb154e19f7ab571e27e9df6
                                    • Instruction Fuzzy Hash: 48118C717106109FC754EB78D884E6EBBEAEF89615B1045AEE50ACB360DF31EC01CBA0
                                    Function 04D128A3 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e13871ea390121f7ab085022cbefa15df172ccd741e45af9ba909a9e06bbc422
                                    • Instruction ID: 1f40d74879154e8e4520403a65d924aab7bca44aca524c0af6e9ca635deff691
                                    • Opcode Fuzzy Hash: e13871ea390121f7ab085022cbefa15df172ccd741e45af9ba909a9e06bbc422
                                    • Instruction Fuzzy Hash: 7B11E9307402046FE725EA26E890B66B3A7FBC9724F14C47DE9459B2A4DB71E8478B90
                                    Function 04D128A8 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3dcc96148b67f125d4af34fe6b830c172c6de94d82313dc294c81c44641e469d
                                    • Instruction ID: d3115d6b577856f2e6b0a82fe780c97e6827e7c3121d2a6d3ddccfe6313430cf
                                    • Opcode Fuzzy Hash: 3dcc96148b67f125d4af34fe6b830c172c6de94d82313dc294c81c44641e469d
                                    • Instruction Fuzzy Hash: 2C110C307403046FD725EA2AE850B67B397FBC9724F14C47DD8459B3A4DB71E8468B90
                                    Function 06BE795C Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 97893e8a5e8f22dff6a0d7e767c8b3f367dc6945711df7404f08aeb25dc90a04
                                    • Instruction ID: 303634fc6885c2017da4ec1ac7a35ea02d971a72b025c1db10003b4fe87464b4
                                    • Opcode Fuzzy Hash: 97893e8a5e8f22dff6a0d7e767c8b3f367dc6945711df7404f08aeb25dc90a04
                                    • Instruction Fuzzy Hash: 5821BAB5E001199FCB44DFADC8849AEBBF1FF88310B15816AE958E7311E7319911CBA1
                                    Function 06BE7940 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e687be95c8243c88b02392d06323c54055966b87e7a28c5d34ccc267e7844894
                                    • Instruction ID: 4afdeb79ad70af0c3fdd82059bf56bb926f839bb635ac9514f2dfedf53b05a38
                                    • Opcode Fuzzy Hash: e687be95c8243c88b02392d06323c54055966b87e7a28c5d34ccc267e7844894
                                    • Instruction Fuzzy Hash: 502100B5E005198FCB44CFACC8449AEBBF1FF8C310B14816AD918E7351E7359912CB90
                                    Function 06D377B0 Relevance: .1, Instructions: 58COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6eedce9a04a4cda0f56c11e90a205a81581ea055b67c909cd1aec03f280edb4c
                                    • Instruction ID: 7ff3cb9d67193067ca4365a36f51bf9c51c1e4c7ca56048b316c1035a1ee05ee
                                    • Opcode Fuzzy Hash: 6eedce9a04a4cda0f56c11e90a205a81581ea055b67c909cd1aec03f280edb4c
                                    • Instruction Fuzzy Hash: 18112E71F0065A8BCB94EBB998105EFB7F6BF84710F604069C508E7344EB318E01CBA5
                                    Function 06BE6048 Relevance: .1, Instructions: 57COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8416c3d672b4b0d3cf1704b35d955510af1407a76f59c22a0de1ee67b9fea946
                                    • Instruction ID: 596c3940d2a5fdead01eb2643e34a6b07bd5b41e6f3fabbc416a1534d450bedf
                                    • Opcode Fuzzy Hash: 8416c3d672b4b0d3cf1704b35d955510af1407a76f59c22a0de1ee67b9fea946
                                    • Instruction Fuzzy Hash: E711E372E00215EBDF54DFA4E8446EDB7B2EF88310F100465E902AB360EB729D06CF80
                                    Function 0243D3D3 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                    • Instruction ID: afa701848d76d91ac29590b64ed54dc3fac5b2fe8f52ac5cbbc78aca0fbaeeec
                                    • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                    • Instruction Fuzzy Hash: 8C11D376904240DFCB16CF10D9C4B16BF71FB98324F24C6AAD8490B756C33AE456CBA1
                                    Function 0243D4BF Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                    • Instruction ID: b4f2fc302441381e314c681f61e263d14e396cf586e05ef42f7b03f5aa336805
                                    • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                    • Instruction Fuzzy Hash: 4811D376904280CFCB16CF10D9C4B16BF71FB88328F24C6AAD8490B756C33AD456CBA1
                                    Function 04D19820 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f647471bf27a2777dcd7167318d28b4a9dd8d6365078941581fd48f0fad00a43
                                    • Instruction ID: e02b28adbce498b8eee8a5d8d63307caf2db367821c6ea20cc9243fe319ca93e
                                    • Opcode Fuzzy Hash: f647471bf27a2777dcd7167318d28b4a9dd8d6365078941581fd48f0fad00a43
                                    • Instruction Fuzzy Hash: 43110CB69052486FCF019F60A8606DEBF75EF86301F1001D7E940AB152D6746905C791
                                    Function 06D37754 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 70fdc905ca0846dc130cd80f36614bf515c6b291352f3ed03ccabc3efe4dda4a
                                    • Instruction ID: 0711f511ec21d1e0bb36fc4a413828c1d4460ff8f7c8a6cd83fd312a425abb79
                                    • Opcode Fuzzy Hash: 70fdc905ca0846dc130cd80f36614bf515c6b291352f3ed03ccabc3efe4dda4a
                                    • Instruction Fuzzy Hash: DC2103B5C003599FDB10CF9AD884ADEBBF4FB48310F108419E919A7210C375A954CFA5
                                    Function 04D1C790 Relevance: .1, Instructions: 55COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d67b104195b3e9c3089534186a65aff4378071ef22d5a53f2ca0564c903546d9
                                    • Instruction ID: 941422c53a795172597bc6033086a6383eb84aa07517c11df7edd62696176cbd
                                    • Opcode Fuzzy Hash: d67b104195b3e9c3089534186a65aff4378071ef22d5a53f2ca0564c903546d9
                                    • Instruction Fuzzy Hash: C311CE717206105FE7149E68D88175B77DBFBC8700F408829D586EB7C0EAB0A8088B94
                                    Function 06D38E58 Relevance: .1, Instructions: 55COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f3ac6658361b74da72a56a4594d6b6dcd3b6955e6d24722048574fa1e24b01c
                                    • Instruction ID: 9b49c3fd7430b493074d858f9543e1704d88cd0f3f4f5e6823d03cb671a5bc72
                                    • Opcode Fuzzy Hash: 7f3ac6658361b74da72a56a4594d6b6dcd3b6955e6d24722048574fa1e24b01c
                                    • Instruction Fuzzy Hash: 7F01DE72A0A3D46FEB4797688C508DA7FB6CE0321071940EBE084CB263D6215916E729
                                    Function 06D34950 Relevance: .1, Instructions: 54COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7b0b7d8df7e0bb317861a2bfb2eb23991e63a44e58ae40d81c8d62fbe64bedf1
                                    • Instruction ID: 3a0600ccca33dea41c001d20b2516ffc91c62c9c7cd1f82bf66dea23aa9d6ae1
                                    • Opcode Fuzzy Hash: 7b0b7d8df7e0bb317861a2bfb2eb23991e63a44e58ae40d81c8d62fbe64bedf1
                                    • Instruction Fuzzy Hash: C0114C70105918EFD794CF24AA412687FF4FB49354F21A4DEE4C98A242CB3BCC638791
                                    Function 06BE00C8 Relevance: .1, Instructions: 54COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f94634105bed0578927a59f588415426e64fced1f1448eef5b77812f6cfe4035
                                    • Instruction ID: 53da4c870f76c8cf8583139294ce89d04686b8c298eeb0b128c1ddd3977790f8
                                    • Opcode Fuzzy Hash: f94634105bed0578927a59f588415426e64fced1f1448eef5b77812f6cfe4035
                                    • Instruction Fuzzy Hash: CA01A130A001089FC704EF78D85169D7FB2AF84214F2082AAD0298F3E6DF319D12CB91
                                    Function 0244D1CF Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095522857.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_244d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                    • Instruction ID: 20851848984589ce12a8ccd383d9206583fe79f79b771176c9922d176e315c07
                                    • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                    • Instruction Fuzzy Hash: A5118B75904284DFDB15CF10D5C4B16BBA1FB84218F24C6AADC494F796C33AD44ACB61
                                    Function 04D1683C Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 324a68fef5847961dcc6945ac304f5e8110765a0e0c8d82ffa8ab8886592ffd2
                                    • Instruction ID: 3d6a4de5046d9fe6c79590d9f7aed5f95fdf740b0da1a6e15ca0ec4c44859da1
                                    • Opcode Fuzzy Hash: 324a68fef5847961dcc6945ac304f5e8110765a0e0c8d82ffa8ab8886592ffd2
                                    • Instruction Fuzzy Hash: 9E017B71F083446FE714DB7968245DEBFE9DF82160B0484EBE808D7342E961AC0283A1
                                    Function 04D17C51 Relevance: .1, Instructions: 52COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0917da49a90672257013a636b1f414782576e0aefb2fab9c14dce6da49e0d93
                                    • Instruction ID: cfc82aec415a378f925933d18b4c33bcd8c088d98f4aa3211ce9f06196f5eaad
                                    • Opcode Fuzzy Hash: f0917da49a90672257013a636b1f414782576e0aefb2fab9c14dce6da49e0d93
                                    • Instruction Fuzzy Hash: C11123B1D006899FDB10DFAAD444BCEFBF4EB88320F14801AD819A3320D378A505CFA5
                                    Function 06BE7970 Relevance: .1, Instructions: 52COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b45cab1c228ebf41ad0b455a5787ae50ea66241c65aa7bc6e674aeafd712f342
                                    • Instruction ID: 545a6ef53a07386036e72c442c4856a65c1debcced0d85b029f213aa9225179b
                                    • Opcode Fuzzy Hash: b45cab1c228ebf41ad0b455a5787ae50ea66241c65aa7bc6e674aeafd712f342
                                    • Instruction Fuzzy Hash: 5E1189B5E0011A9F8B44DFADC9849AEBBF5FF88310B10816AE919E7315E7309911CBA0
                                    Function 04D16698 Relevance: .1, Instructions: 51COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cf2e5762b307a7a76d4f0c330d060f8086208651058dad4eadba99a7c338b85f
                                    • Instruction ID: 3c14abbf78b89afa306c2a672c2f510f999a9f1eb94dfbe398b43b3a52bca144
                                    • Opcode Fuzzy Hash: cf2e5762b307a7a76d4f0c330d060f8086208651058dad4eadba99a7c338b85f
                                    • Instruction Fuzzy Hash: DA11F3B1D046499FDB20DF9AD444B9EFBF5EB88320F14841AE859A7320D374A544CFA5
                                    Function 04D1684C Relevance: .1, Instructions: 51COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 96650875542fe5eada795962d5b20c93e7025993d94dd57b0b50bce64b65c5ae
                                    • Instruction ID: 517dd9151ea3e04dff4999af93f0ba271b035dd40cd47f9204fd92be60cbff37
                                    • Opcode Fuzzy Hash: 96650875542fe5eada795962d5b20c93e7025993d94dd57b0b50bce64b65c5ae
                                    • Instruction Fuzzy Hash: B71134B1D006499FDB10DF9AD444B9EFBF5EB88320F10841AE819B7320D374A504CFA5
                                    Function 06BE2E19 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 71fe1d25afd969866c57c025cbc9992185b7e14a2e02c34097897a8d67afe834
                                    • Instruction ID: d92eb9a458fe6d84a74ad85c204df87778f2e8da5e2575dcca874222924bdea8
                                    • Opcode Fuzzy Hash: 71fe1d25afd969866c57c025cbc9992185b7e14a2e02c34097897a8d67afe834
                                    • Instruction Fuzzy Hash: AA016D74B112149FCB149F29C858AAE7BFAAF89700F1044A9E402EB3A1DF718D058B90
                                    Function 04D1B7D1 Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea6eefde7a433bb6574bb60ac411e86b390ef55d1de7c496d223c146662b65fa
                                    • Instruction ID: d8f1fc9eb118bc724cc2b3bec0613aa73f95085861a391e1044c6b0acd1f3e83
                                    • Opcode Fuzzy Hash: ea6eefde7a433bb6574bb60ac411e86b390ef55d1de7c496d223c146662b65fa
                                    • Instruction Fuzzy Hash: 6211A7312047418FD725DF2AD41421BBBF2EB84321F10875DD59A8B7A5DB75A8078B90
                                    Function 04D12700 Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f7dd5edc0b22e5809fef113791127229d2bb766054442fb8503268838c711fbd
                                    • Instruction ID: 36c5edf684121364a5cc072ed0733826571cc061db3e260d6c1dea06f0e69dfb
                                    • Opcode Fuzzy Hash: f7dd5edc0b22e5809fef113791127229d2bb766054442fb8503268838c711fbd
                                    • Instruction Fuzzy Hash: 0501B572906621BBC7259F19F401666FB64BF44B10F0442AADC5877A60C772F891CBE1
                                    Function 06D3E380 Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cb0ef72e7f5d8f77a51fc5abed1bb275bc8b43bb1e1fbff33f0afad487a4f2e1
                                    • Instruction ID: f4683c70fdc25e9e1066b7fd0067cf9384c5e73d49e94071a2554706ef67414f
                                    • Opcode Fuzzy Hash: cb0ef72e7f5d8f77a51fc5abed1bb275bc8b43bb1e1fbff33f0afad487a4f2e1
                                    • Instruction Fuzzy Hash: 7411B3B1D006289BEB68CF9BC9457DEFBF6AFC8300F14C06AD4097A2A4DB7509458F90
                                    Function 04D18188 Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7525ff56ec6212d2d3a227de14202d8378ff0b716769b07315aaa2cba1776839
                                    • Instruction ID: 9a4fc36f14e125d4e23befc350d70a8f02ca328df122f47605507c12b4ce0c73
                                    • Opcode Fuzzy Hash: 7525ff56ec6212d2d3a227de14202d8378ff0b716769b07315aaa2cba1776839
                                    • Instruction Fuzzy Hash: 53014E76B002146FDF01B7A868406BE7FB6DF88514B000059D904A7361DD315902C7F5
                                    Function 04D16922 Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 907f8dbdbb1c18f34726303b4b3f7817ac56ba57531e9083bb55d87b47f5ba2f
                                    • Instruction ID: 04b28d73643a0d71d9fd5c6152f8710b51d6b194476873c27fd5a709b8fac517
                                    • Opcode Fuzzy Hash: 907f8dbdbb1c18f34726303b4b3f7817ac56ba57531e9083bb55d87b47f5ba2f
                                    • Instruction Fuzzy Hash: 2C11A131A00209DFEB14EFA5D0143AD7AB2EF48715F045479D801A72A4DB78E984CFA5
                                    Function 04D19229 Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5fd45ebbb6b8a7a880b3e3904884615c4d014f9d9b0e0649987e1eb0a146f46b
                                    • Instruction ID: 55d683d6385c876a07a8ba1d273f3488e1f533e69d996b830b6876067747d029
                                    • Opcode Fuzzy Hash: 5fd45ebbb6b8a7a880b3e3904884615c4d014f9d9b0e0649987e1eb0a146f46b
                                    • Instruction Fuzzy Hash: B61145B5800249CFEB10DF9AD485BCEFBF4EB48320F20841AD958A7310C338A945CFA5
                                    Function 04D18C44 Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 56380266608dffe6d08b22178c9d69f96eac95624789cee5204cdfc8d6957332
                                    • Instruction ID: b3bad1b1a2651490e56916164e5f10db0502b893bd750cb3652d4e4878bf8660
                                    • Opcode Fuzzy Hash: 56380266608dffe6d08b22178c9d69f96eac95624789cee5204cdfc8d6957332
                                    • Instruction Fuzzy Hash: 1B1122B59002489FDB20DF9AD484BDEBBF4EB88320F20845AD918A7310D378A944CFA5
                                    Function 04D18BF0 Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0fc11ec7dec3e79e86b42ffec1ab11ecddeaba283443c85bfde3d63c73a4382
                                    • Instruction ID: bc7a3f555fcaa5f27729bd6a61f548b1a86a8077e38df63b058eaf85ea502e76
                                    • Opcode Fuzzy Hash: d0fc11ec7dec3e79e86b42ffec1ab11ecddeaba283443c85bfde3d63c73a4382
                                    • Instruction Fuzzy Hash: 571122B19002489FDB20DF9AD444B9EBBF4EB88320F20845AE918A7310D378A944CFA5
                                    Function 06BE9678 Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 26cfe3d1689311e063175d7ef62153027ee1995a20270a87774e8f1293bd5792
                                    • Instruction ID: 56918d59802d03b620aec0a3f41711c42036885d339af17c7ff044fbfebddcbe
                                    • Opcode Fuzzy Hash: 26cfe3d1689311e063175d7ef62153027ee1995a20270a87774e8f1293bd5792
                                    • Instruction Fuzzy Hash: F901D6F2F082016FCBA27B64D9545E97BB0D785310B2548E7E4AAE32A4E735451ACBC0
                                    Function 06BE15A0 Relevance: .0, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f960aa68e38abf175e8a88f56a37c16c8778b622be126d25386b2f681c1d7e09
                                    • Instruction ID: 1445993a674b6e959f13770d39448f645ec9334e726fd700fb803b93ed7f303c
                                    • Opcode Fuzzy Hash: f960aa68e38abf175e8a88f56a37c16c8778b622be126d25386b2f681c1d7e09
                                    • Instruction Fuzzy Hash: 1501D4B2B042169FD7128B6DD880B96BBE6EF89314F1841AAE509DB311D770EC50CBD0
                                    Function 06D34960 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 20faad1c91faee1f379d2631b19563e4a7376d40224d0fd34743bf48bef074fb
                                    • Instruction ID: c0f5cb85dbdbeffbd8fb738f54db35e3b2c48fe01315b5011b0e9743df613201
                                    • Opcode Fuzzy Hash: 20faad1c91faee1f379d2631b19563e4a7376d40224d0fd34743bf48bef074fb
                                    • Instruction Fuzzy Hash: AB012770205918EFD790DF18E6412287FF4EB48314F20A0DDE4CA8A241DB36CC628795
                                    Function 0243D745 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 729aa16150ea23e531cc2531a1952ae47fd3189965c14755aad47cc8cebad56a
                                    • Instruction ID: 3e9d2e5039df20216350f8b5296ab2e97770a2c27e26e6dd85ce92299fc84359
                                    • Opcode Fuzzy Hash: 729aa16150ea23e531cc2531a1952ae47fd3189965c14755aad47cc8cebad56a
                                    • Instruction Fuzzy Hash: 5501F731804744DAE7125A25CD84B67BB98EF49264F18851BED080A386D3399486C6B1
                                    Function 06BE2E28 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ce812b7233c23e3b55915a366c9ccdd5dd722839c6a90a775b3b1a147150095
                                    • Instruction ID: 9eddcedb459615d7e85dba7e4a5dc5ce575c78e736f6753e8e725710af5a388a
                                    • Opcode Fuzzy Hash: 3ce812b7233c23e3b55915a366c9ccdd5dd722839c6a90a775b3b1a147150095
                                    • Instruction Fuzzy Hash: 8D015E74B102149FDB189B29C958AAE7BFAEF8D700F1044A9E402E73A1DFB19D05CB90
                                    Function 06BEAAC8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d00d0bd55400e3ab8c9e802b8ef5ec1cf512554eb4108b645eee8e10e72b51e7
                                    • Instruction ID: 1ea0ba9cb7336b4c23c44c2a96c49453f73df7fcfaef5ce2fb114cfbb9c9bbc1
                                    • Opcode Fuzzy Hash: d00d0bd55400e3ab8c9e802b8ef5ec1cf512554eb4108b645eee8e10e72b51e7
                                    • Instruction Fuzzy Hash: 6701D232E1020AAFCB10EFB4D8449D9FB76FF94314F118A2AE00567160E771A59ACB90
                                    Function 04D1A628 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 081a3b0a1ff78e21bc9d6cef76ab134a37725a0acad795542271e2c8e008e039
                                    • Instruction ID: 4eb217dccfab33405d15ab9d56c110bf975b064eb1813006cb59bce996c977dd
                                    • Opcode Fuzzy Hash: 081a3b0a1ff78e21bc9d6cef76ab134a37725a0acad795542271e2c8e008e039
                                    • Instruction Fuzzy Hash: 8301767420E2808FDB00EF39E8C41A97FE0FF52214B1884BAE882CB213E236D407D742
                                    Function 04D19F38 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cbe8369e0cd7c34d27e1799182b31d7aa6d34b3656e8530d8019f28c8f9829a0
                                    • Instruction ID: a5ca64371f8905b0bfa61b52d974db7d60c08ff0a5857a49a389134aecdfe2b3
                                    • Opcode Fuzzy Hash: cbe8369e0cd7c34d27e1799182b31d7aa6d34b3656e8530d8019f28c8f9829a0
                                    • Instruction Fuzzy Hash: D7017571D18158AFDB15DE65E8909DE7BF1AF89304F144096E801E7361C631E901DB50
                                    Function 04D1A4A8 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: df8afccea40bb5798255b14dac701df02264de8a4f69a714a630c4441ca90919
                                    • Instruction ID: 3445cf3b2bd75b2dbc1797119ccd4d248ae75658ea22b48f9ab51f5d8d276685
                                    • Opcode Fuzzy Hash: df8afccea40bb5798255b14dac701df02264de8a4f69a714a630c4441ca90919
                                    • Instruction Fuzzy Hash: A7F0BB3174131427FB246539BC45BBE328BDBC6B14F08803AEA0DDB6D0CDB5A84153D5
                                    Function 04D1B7E0 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9d194671a20df02423a81d1bcfe514ec4ecf7e3d7e3cbf427a5ac4300b2fa79a
                                    • Instruction ID: 80222cd82a5531394da4a901c45c955be164d579683ca0747a9a8f0689154f05
                                    • Opcode Fuzzy Hash: 9d194671a20df02423a81d1bcfe514ec4ecf7e3d7e3cbf427a5ac4300b2fa79a
                                    • Instruction Fuzzy Hash: 74016131200B518FD724DF2AD41471BBBF6EB88325F108B2DD59A8B7A4DB75A8468B90
                                    Function 06D31610 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aac36d3be6d10d929a9abc654fee923e4e943f6db5b6d1a853abb956b78937b2
                                    • Instruction ID: 01547f110eae9b8b0f833a1f4a6663137c29426978b2ed26fc77e41cf47f27e3
                                    • Opcode Fuzzy Hash: aac36d3be6d10d929a9abc654fee923e4e943f6db5b6d1a853abb956b78937b2
                                    • Instruction Fuzzy Hash: 2801D630E14165EFD750AFF4AC046AE7BB6EB48340F148469EA06D7344DE3489018FD1
                                    Function 06BE31E7 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: adefe54363761d37fba5f7f9353f8f01e03a87ea4f8757eded5dbed1c90bee65
                                    • Instruction ID: 5b297c05123e61812f30269eaef692ba38e99f8180c4bd4690d8760e5d9e7666
                                    • Opcode Fuzzy Hash: adefe54363761d37fba5f7f9353f8f01e03a87ea4f8757eded5dbed1c90bee65
                                    • Instruction Fuzzy Hash: 72F022B27005109FEB61AB75E805A373BF6EF89711B0450B8E44ACB261CB21CC12CBE2
                                    Function 06BE6058 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2abdbad35efac8e2b4824a4227e19da16f966690b7f8f395e30bf9b72602229e
                                    • Instruction ID: 52498fa8cff9addc6cbff751cc4ff9868289f10bca81d10f3b416d4d079f834b
                                    • Opcode Fuzzy Hash: 2abdbad35efac8e2b4824a4227e19da16f966690b7f8f395e30bf9b72602229e
                                    • Instruction Fuzzy Hash: FD014C71E00219EBDB59DFA4D454AADBBB2EF88304F104569E802B7360EF76A944CF90
                                    Function 04D1080C Relevance: .0, Instructions: 41COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aea45487ebe0479daf15d30b938f839dd7fbf32f4574ca27b3bca4bfff6ce2b7
                                    • Instruction ID: a446d3e5730973d6570692b9dd0f22daf19f2fb3c002b1ad18d14c7ccf863df3
                                    • Opcode Fuzzy Hash: aea45487ebe0479daf15d30b938f839dd7fbf32f4574ca27b3bca4bfff6ce2b7
                                    • Instruction Fuzzy Hash: 6E014435650110DFC710EB18E088AE877A5FB4A354F1585F6E54DAB335C632F8838B80
                                    Function 06D3F208 Relevance: .0, Instructions: 41COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4463678c865e8328bb51c2a99164eb7ad9a9a890408b8d37f84d4cc43c72bce2
                                    • Instruction ID: 60c89965fed9a58a72436f42e7e13ae89a5464a338d5722d95decee6a8b22d01
                                    • Opcode Fuzzy Hash: 4463678c865e8328bb51c2a99164eb7ad9a9a890408b8d37f84d4cc43c72bce2
                                    • Instruction Fuzzy Hash: 5C011638E08558EFD754DFA8D689AA8BBF9AB49300F148098A4099B251CB30DE41DB80
                                    Function 06BED518 Relevance: .0, Instructions: 41COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d78fd8cb9f2746157464e4399bfb2b9dafdae387ad20ec2c91794454b48cd846
                                    • Instruction ID: ddea01163ba462527584ed303699a907a13eb327295c783b0c1afc8be8b4292a
                                    • Opcode Fuzzy Hash: d78fd8cb9f2746157464e4399bfb2b9dafdae387ad20ec2c91794454b48cd846
                                    • Instruction Fuzzy Hash: AE01ADB1D00208DFEB55CF5AC44479EBEF5FF88364F24C169E928AB290C7B58984CB94
                                    Function 06BE5FB0 Relevance: .0, Instructions: 40COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fc9407c8ee4ebb21d4c3b081394fdc24cf42fecf76803be4889a3467c2026bf0
                                    • Instruction ID: 566efae4919909c7019488d6b39d1afb7382fa4ed8ddba5a45a6d8692f399dc4
                                    • Opcode Fuzzy Hash: fc9407c8ee4ebb21d4c3b081394fdc24cf42fecf76803be4889a3467c2026bf0
                                    • Instruction Fuzzy Hash: 070119A390E3C45FDB034F6498506D93F71DF57258F2A40DBE888DF1A3D22A492AC762
                                    Function 06BE43E2 Relevance: .0, Instructions: 40COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 30564626614fa00bc8a53927c2ea70fe2a0b288ac414334888ecc4dc7278409b
                                    • Instruction ID: 5d19f5aa35eb91029c576b7de20a7439f8ba3c6535c6ea4d252ea968cdbe1527
                                    • Opcode Fuzzy Hash: 30564626614fa00bc8a53927c2ea70fe2a0b288ac414334888ecc4dc7278409b
                                    • Instruction Fuzzy Hash: 83010071A15286AFDB06EF74D81469C7FB2EF8A311F2541CEC4019B3A6DA305906CB82
                                    Function 06D3F190 Relevance: .0, Instructions: 39COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b70c87a6d9cb9db99372f45dba34c0b9b935941211768a646f5baa69c2034ea
                                    • Instruction ID: a4f786f7d16e5198d58662cb50250b95fd609d3241a85b30698a336c0b4cf108
                                    • Opcode Fuzzy Hash: 8b70c87a6d9cb9db99372f45dba34c0b9b935941211768a646f5baa69c2034ea
                                    • Instruction Fuzzy Hash: 6EF0AFB0D0825DDFEB84CF95E8009B8BBBCAF4A300F00D1A4A4499B216C730CA41EB80
                                    Function 06BE0600 Relevance: .0, Instructions: 39COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 972c8e7e7257ee1d9e15237565ea79af2366c79cf9d7b5d6b1388a91d09b5cab
                                    • Instruction ID: 83377217167452c4ac4fef8ec915b5922030014dfccebbe65032a664856e68db
                                    • Opcode Fuzzy Hash: 972c8e7e7257ee1d9e15237565ea79af2366c79cf9d7b5d6b1388a91d09b5cab
                                    • Instruction Fuzzy Hash: EAF0C271704705DFEB68EB15D450BAAB7E4EF85311F0046ADD50A876A0DBB5E8C2CBC0
                                    Function 06BE05F2 Relevance: .0, Instructions: 39COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 31a8f2620b463038a44568c08b5a9801ebdb50420d446979acd3d7d0f11e2401
                                    • Instruction ID: 67178eb311cea6f77edd472ecbf3ae37af37f04960aeb7c35bb0a796cfa41c6d
                                    • Opcode Fuzzy Hash: 31a8f2620b463038a44568c08b5a9801ebdb50420d446979acd3d7d0f11e2401
                                    • Instruction Fuzzy Hash: 53F0C871B05302CFEB28DF15D4507A6BBE5EF85611F0445ADD50D876A0DBB5D8D2CB80
                                    Function 06BEAAD8 Relevance: .0, Instructions: 39COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: deb5285e2b4ccc4fb6e8f70e5cb28644f847d8ac3d9b1c7704b62f86a3974a08
                                    • Instruction ID: 8b73adb0add465927b992eb091172dff2d3cbfd96c53a90403f261c9f1bef22c
                                    • Opcode Fuzzy Hash: deb5285e2b4ccc4fb6e8f70e5cb28644f847d8ac3d9b1c7704b62f86a3974a08
                                    • Instruction Fuzzy Hash: CC016232E1061AAFCF10AE75DC448D9FB76FF99304F11862AE50567210E771A599CB90
                                    Function 04D1D108 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea81cc02c025e00ded262c427fdd1c446c9612a86ff14a9369497c9d019de865
                                    • Instruction ID: 7fc21bdff2964642c7ff1d629d56d44ad3c328ecf1355847c9256df6a88aaa9b
                                    • Opcode Fuzzy Hash: ea81cc02c025e00ded262c427fdd1c446c9612a86ff14a9369497c9d019de865
                                    • Instruction Fuzzy Hash: A80192302107928AE725EB38C4447CBBBD2AF41308F00991DD5EA1F3D6DAF674498B95
                                    Function 06D348C8 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51b323b1f9206d945c2e261eddcbe09440c9ab8a96c7309b9bb9e007d87abeb0
                                    • Instruction ID: 783a6da6620ecdccb9ca591f80ad7342f9fb1eb32c5dc80fec149ea2992d3d09
                                    • Opcode Fuzzy Hash: 51b323b1f9206d945c2e261eddcbe09440c9ab8a96c7309b9bb9e007d87abeb0
                                    • Instruction Fuzzy Hash: 3601C270511F18DBC334DF1AE189556BFF4FF88710B41A99EE0CA8BA65DB71B8248B84
                                    Function 06BE7FA8 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 044897230b7165f31ed34d69764f54b9a32059d76f616fd771eedb82244a0fad
                                    • Instruction ID: 8f518d6460a7f514e167e142a1b1c8d078c5ee9d8f10c8cdadcc5377c621f234
                                    • Opcode Fuzzy Hash: 044897230b7165f31ed34d69764f54b9a32059d76f616fd771eedb82244a0fad
                                    • Instruction Fuzzy Hash: 6701F476D20A0487DB01BF78DC0059CB775EFA6321F01432AE888A7354EB30D5A587A0
                                    Function 06BE31F8 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 952f0debdbc34c8bee12f64f4c29f42c160bfffd41d941d7c8fb5508c4db1742
                                    • Instruction ID: 65f31aa8b594ab06a5a7a30201d9f90e96b1d73a264af15e6923f4a1271722cc
                                    • Opcode Fuzzy Hash: 952f0debdbc34c8bee12f64f4c29f42c160bfffd41d941d7c8fb5508c4db1742
                                    • Instruction Fuzzy Hash: E8F024B17006109FDB61AB7AE804A3B37E9FF8831470040B8E44ACB260CF21D802CBE5
                                    Function 06BEBDF2 Relevance: .0, Instructions: 37COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb3c7a668eac7d6a0889641aa049f2da7cb4d8d366532496950c5e59dc5527fe
                                    • Instruction ID: e3d7b7e5f3798da1459fbae5e57fcd6455b1862407c50efecf5506945921c8dc
                                    • Opcode Fuzzy Hash: fb3c7a668eac7d6a0889641aa049f2da7cb4d8d366532496950c5e59dc5527fe
                                    • Instruction Fuzzy Hash: D8F06D357104109FD755A76CD48897D37EAEFC9A10B1940FAE60ACB370CE60DC02CB60
                                    Function 06BEED68 Relevance: .0, Instructions: 37COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac87ac46994f2803ac7dcebd5e46608940ff118e402ed828e38c9bb125d9107a
                                    • Instruction ID: f3b0d80b2bc8cde6c062c33dad30168a1208a3fe8688c53226a3ff3a05b11d44
                                    • Opcode Fuzzy Hash: ac87ac46994f2803ac7dcebd5e46608940ff118e402ed828e38c9bb125d9107a
                                    • Instruction Fuzzy Hash: 47F02872A105489FC720EB7DD890CDEFFB5EFD6300B00016AD14497311D731A915CBA1
                                    Function 0243D744 Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095467476.000000000243D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0243D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_243d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: effdda7ceefc3dfe1781e099e2a71bfdf920e3a90720e83f6cff358083174eec
                                    • Instruction ID: 48ec81bb1f065f03966d261423101789dcedfbe000a0eaed1cad7e10a69f1ad6
                                    • Opcode Fuzzy Hash: effdda7ceefc3dfe1781e099e2a71bfdf920e3a90720e83f6cff358083174eec
                                    • Instruction Fuzzy Hash: 83F06D75805784AEE7118E1AD888B67FF98EB85674F18C45AED084A386C3799844CAB1
                                    Function 06BEFBA8 Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 944b2ea2fae4c2c4cb55da3a83e235b220b49aa00e62e5774bf05319d2d4653b
                                    • Instruction ID: 9707c813da057f8c1cad7de545e1623868af149b17b63723a5155cd37c72b306
                                    • Opcode Fuzzy Hash: 944b2ea2fae4c2c4cb55da3a83e235b220b49aa00e62e5774bf05319d2d4653b
                                    • Instruction Fuzzy Hash: C1F0B432F000605FD7059629E85456D7BABABC9B20715409AE405D7390CF31CC02CB85
                                    Function 06BE7FB8 Relevance: .0, Instructions: 35COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3842c226e4c56ceb466f6724314de75a73d4a566afa96a0030d7774e089a2a42
                                    • Instruction ID: 0e619831fc15d73ecdc5350553ed81468f8e19379e8dc2572ea9b5cb0403aacb
                                    • Opcode Fuzzy Hash: 3842c226e4c56ceb466f6724314de75a73d4a566afa96a0030d7774e089a2a42
                                    • Instruction Fuzzy Hash: B1F06231920A0997DB01BF6CDC1089DBB74EFA6321B01532AE98467254EF31E5A4C7A0
                                    Function 06BE8F81 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f3b2245e58346149d3a00b7993a27e8afd06d70cae5b1c6943a67cfffd18b95d
                                    • Instruction ID: 09fa9f42ade3c11cbb647974c5f3492f1b08d785a099c787a2baf97360157aa0
                                    • Opcode Fuzzy Hash: f3b2245e58346149d3a00b7993a27e8afd06d70cae5b1c6943a67cfffd18b95d
                                    • Instruction Fuzzy Hash: 36F0E5A7B096541BE305412A69403D5ABA78BCE231F3F80B7C04DC7292A93A8C478342
                                    Function 06D37744 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cc64f4a312192dcadce7de692a2a74295e8145420d69b8e17289c221413b3c12
                                    • Instruction ID: 3198e53395c2b1e676d709e6327944060387d6cd2719d47a9dbc366a9da6f7c7
                                    • Opcode Fuzzy Hash: cc64f4a312192dcadce7de692a2a74295e8145420d69b8e17289c221413b3c12
                                    • Instruction Fuzzy Hash: BCF08272A04118AFDF84DF58DC409AEBBAAEF44214B10C06AB409E7214D671E9508798
                                    Function 06BE8384 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 622a37252db5eadaf6545859387d281dde82415ebe91c2c59d8240adcb9843b8
                                    • Instruction ID: bf45c51c6a4146223e2f1c88cdb7daaed9517ba51ded38e4e007fb303614e4b5
                                    • Opcode Fuzzy Hash: 622a37252db5eadaf6545859387d281dde82415ebe91c2c59d8240adcb9843b8
                                    • Instruction Fuzzy Hash: A9F0BE7060A351CFC355AB2994404767BB0EE8220035088EBD06A8B352C625D84ACB45
                                    Function 06BE5FF1 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72bfba793b51adcffdb2bfee1cdd3150a0363dd9359613500c4d0309fef66ada
                                    • Instruction ID: 56a83b4d32a13bd60fc80d5446abe7fe34bd8fc596cc7762b871c436ea6df09f
                                    • Opcode Fuzzy Hash: 72bfba793b51adcffdb2bfee1cdd3150a0363dd9359613500c4d0309fef66ada
                                    • Instruction Fuzzy Hash: 4BF0A0B3B106247BDF262F48A8505AE3B17DFD9720B154016E9098B362DE36896293E6
                                    Function 06BE4408 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 871238c6e930a402e01125d99e865608cfeba6af519d81f48ac5586ffa7e7c9f
                                    • Instruction ID: 1ac6381a91d0d9210290b18cbfbb0d878e6fb0993329d14546af4b343fd2003c
                                    • Opcode Fuzzy Hash: 871238c6e930a402e01125d99e865608cfeba6af519d81f48ac5586ffa7e7c9f
                                    • Instruction Fuzzy Hash: B4F06930A2120AEFCB04EFB8E44449CBFB1FF88301F2040ADD805AB358EE305A488F90
                                    Function 06BEBEC0 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: af068fd5b07fcacfbf39f80c5f7c23067b557310663afed6517aacea58240638
                                    • Instruction ID: 2a332161ebbe3d0f8928b6259d97fed0376685cfbb4492184c9daf0408f95088
                                    • Opcode Fuzzy Hash: af068fd5b07fcacfbf39f80c5f7c23067b557310663afed6517aacea58240638
                                    • Instruction Fuzzy Hash: 3EE02B73559BD01FEBA312246C921EA2F158F8221170D08DAE182E6152C69D0C4683A5
                                    Function 06BE45E8 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 899125c98b0ed499647ad7b2ebf06fab54c9b86ae72228a9370e4a816abaf9b1
                                    • Instruction ID: 06d808746cd910d1e59fc965475b886f9df22405011b010a8d4fe982545535f3
                                    • Opcode Fuzzy Hash: 899125c98b0ed499647ad7b2ebf06fab54c9b86ae72228a9370e4a816abaf9b1
                                    • Instruction Fuzzy Hash: 2FF0E236310102DFCB05EF38E950AA97BAAFF853047004669EA048F268CB31A821CFD0
                                    Function 06BEFBB8 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25b0f38f286d9a0d5b60f8c66eb50445bb20131e2e7b80499de3c6d87adc8a68
                                    • Instruction ID: 3b5d5ba5b698f73726aef518f2a016ff45ce0ed821ac9fd13d829fc652aa9919
                                    • Opcode Fuzzy Hash: 25b0f38f286d9a0d5b60f8c66eb50445bb20131e2e7b80499de3c6d87adc8a68
                                    • Instruction Fuzzy Hash: 12E03035B005345B4B09AA69D81492E77EEEBC9A20310405AE409D7390CF70DC028B99
                                    Function 04D1C048 Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f34ac39f18a50b83ff68e370e8f2a5ea2746959569acabe1019d8f29ff7237d5
                                    • Instruction ID: ee01e615bebe15b3bdc7abf662f68acb35d1ec74824cc90e4b343aadc2e2e772
                                    • Opcode Fuzzy Hash: f34ac39f18a50b83ff68e370e8f2a5ea2746959569acabe1019d8f29ff7237d5
                                    • Instruction Fuzzy Hash: 73E068353942001FC30A1A0564213953FD9CFCB605F04806BEA468B3A2D460A80702E2
                                    Function 06BE3F5A Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 46c67f863dade623575c7e32dfe4121990aae3a50708fce979b2ca1066fe89a1
                                    • Instruction ID: 6e5beecaca150e7883d2013c41b295a87632b3d303ebbcfa192ec3dbff756d76
                                    • Opcode Fuzzy Hash: 46c67f863dade623575c7e32dfe4121990aae3a50708fce979b2ca1066fe89a1
                                    • Instruction Fuzzy Hash: 38F03471A14105CFEB809F68E8497EC73F0FB04316F4140A5E01AEB1B1EBB88989CBA1
                                    Function 06BE12FE Relevance: .0, Instructions: 30COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d30f6a11c06d49395489bb9f658a2230af8f121baef5726b7e8742bb5a81b329
                                    • Instruction ID: 531eca7182c2f6dcacc2654036c5fd4fa3ae7c78acfff1e9abfd67b11f015b74
                                    • Opcode Fuzzy Hash: d30f6a11c06d49395489bb9f658a2230af8f121baef5726b7e8742bb5a81b329
                                    • Instruction Fuzzy Hash: AB01C475A00219CFDB14DF68D484E99B7B1FF48314F2185A9D545AB361CB34EC45CFA0
                                    Function 04D1B648 Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1abe552027e92e52e0389ae0c69f828cf73e08e0e4b27e1d0801304ced08531
                                    • Instruction ID: d13db70b37ad8e9d489f94a74bbc5e21ea66148753faaf2ef58e65514db5e5f4
                                    • Opcode Fuzzy Hash: c1abe552027e92e52e0389ae0c69f828cf73e08e0e4b27e1d0801304ced08531
                                    • Instruction Fuzzy Hash: F8E0D839B052849BCB01162A742C38EBFAEDBD96617054057D906CB3A2DD68AC4286E1
                                    Function 04D1B1F8 Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7fe357fc6e6f91c50a70d861a2c35c7b1b1f2abdd1ee07872d4aa5abadc4ab44
                                    • Instruction ID: 3ee981c8e53ab01120e69bb3657a4b12c12c0439d7ea8ae84e98041c0c740b2f
                                    • Opcode Fuzzy Hash: 7fe357fc6e6f91c50a70d861a2c35c7b1b1f2abdd1ee07872d4aa5abadc4ab44
                                    • Instruction Fuzzy Hash: 16E06571B016240B5708EB6AE40045AB6EBBFD8610318C17FC50D8B6A4ED30A8054A84
                                    Function 04D1697D Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 919356071c2dd38e8e4180da1146fc4f8d80f62a0ca925190cfac93ddd7441b4
                                    • Instruction ID: d6d1113bf5508423c90ef279e796e8ba5a588a406cad1f614467a3f32fab42cd
                                    • Opcode Fuzzy Hash: 919356071c2dd38e8e4180da1146fc4f8d80f62a0ca925190cfac93ddd7441b4
                                    • Instruction Fuzzy Hash: A9F05430A4420ADBDB14AFB5D0157AD7AB2EF44715F00843DD501AB250DF78D854CFA5
                                    Function 06BE45F8 Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 265af21e256284d6b5ff020bf52724f11b8e0770f3d72813e11dcb218d8aa3eb
                                    • Instruction ID: 0a8b6895a605302f812f67f081c1809e31b81ca6159259d4213c0f39b163b9fd
                                    • Opcode Fuzzy Hash: 265af21e256284d6b5ff020bf52724f11b8e0770f3d72813e11dcb218d8aa3eb
                                    • Instruction Fuzzy Hash: 74F0A035311215DFDB05AF39E850CAA3BAAFF853543104569FA048F224DF759C01CB90
                                    Function 04D16430 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9d18064da601ed5f0f489ee77130138f70bfc0aa50e2c8bf96685923c4cd2535
                                    • Instruction ID: ce1e92013e85768bba35e670bb93ccd2d66e3fa3608474bdc3e065ceaf31d345
                                    • Opcode Fuzzy Hash: 9d18064da601ed5f0f489ee77130138f70bfc0aa50e2c8bf96685923c4cd2535
                                    • Instruction Fuzzy Hash: 5FF037B541D2C19FDF035B70B8752907F70BB43119B1545D7C880CB2EBE258548AC751
                                    Function 06BEBE80 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee2164688f58815b8a0775b59022e00cb83e249c1dd8b81120b3975f416433c9
                                    • Instruction ID: ac40759751f499036f8584a6fac15f81557c8a711bc7326adb0f483af41bd2b8
                                    • Opcode Fuzzy Hash: ee2164688f58815b8a0775b59022e00cb83e249c1dd8b81120b3975f416433c9
                                    • Instruction Fuzzy Hash: FBE0203375495007FA631178BC913FD5705C7C027270408E7E146D7650CA5D08474395
                                    Function 06BE6000 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a303cb4cc3fef8ae5495e1735d3ccb29c50f39f99573267b3604e3f561449136
                                    • Instruction ID: 551ca1bf6940432ea66f3a2528d75132e3084b6da5e70bf0d1247c96ac9c08ce
                                    • Opcode Fuzzy Hash: a303cb4cc3fef8ae5495e1735d3ccb29c50f39f99573267b3604e3f561449136
                                    • Instruction Fuzzy Hash: A1E0D8727106287B4F272F84B45087E3B5BDFC9B607104016FE0586321CF36995293F6
                                    Function 04D10E80 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f9991f13d65e8b2200f1cf9ac096b9724ad2150830de1bdd90ca4d75ddd912e1
                                    • Instruction ID: 4d094e2e964bdcbf71168ec6b38b0769b6f880be27a95f7998b60ca64e6d75af
                                    • Opcode Fuzzy Hash: f9991f13d65e8b2200f1cf9ac096b9724ad2150830de1bdd90ca4d75ddd912e1
                                    • Instruction Fuzzy Hash: FCE06D3264052497C200EF88F8824BAB3F8F7456653188856F90CDAA20E277DC67D784
                                    Function 06BE4E19 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b7b29700f2529a203ff99e2fae30ca4366c68fd1bd0193ea9630fa45865f7de
                                    • Instruction ID: e9d86c08ea402ea53efa73a0d20f26d62860af0c89a3bfa60a498ff447b94a12
                                    • Opcode Fuzzy Hash: 8b7b29700f2529a203ff99e2fae30ca4366c68fd1bd0193ea9630fa45865f7de
                                    • Instruction Fuzzy Hash: BEF09B727246508FC304DB28E484BE53BE6AF9A611F2980F6E049C7361D661DC01CBA0
                                    Function 06BE0668 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 20fa5868077b1e5def74dda353089ae841cb27c96bb07bb95d31ac34ae157bab
                                    • Instruction ID: 465641615b33d9c7c1f21274097ce7caa8db9e56f66aa64b069a786dcb4c7860
                                    • Opcode Fuzzy Hash: 20fa5868077b1e5def74dda353089ae841cb27c96bb07bb95d31ac34ae157bab
                                    • Instruction Fuzzy Hash: 92E0D8727441101FC304675D5C948A9BBE7DBCE52035640BAE10DCF362ED608C024795
                                    Function 06BEC9A8 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4d541d9299c0e3073ab8964a52dae496522fb603579e3d14d11856a254f6353b
                                    • Instruction ID: 5f71a71568e55d5b350e287a1ff6ff6a76d8112a9244faab30be687fe2788807
                                    • Opcode Fuzzy Hash: 4d541d9299c0e3073ab8964a52dae496522fb603579e3d14d11856a254f6353b
                                    • Instruction Fuzzy Hash: 38E0E5793101058BF7016A69D910B767BD9D748348F00506199159B38CDB5DDC0087D0
                                    Function 06BEC99A Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e0387881d655204015108857f68c0602f76bf3ce828ea46a962af848976020f4
                                    • Instruction ID: f9ac1b71544224030a03db2d37d32b207dd2486391434595aafa8850e34761cb
                                    • Opcode Fuzzy Hash: e0387881d655204015108857f68c0602f76bf3ce828ea46a962af848976020f4
                                    • Instruction Fuzzy Hash: 42F055BA310202CFF702BA75DA00B777B92DB48358F0011A58905AB38CEB6DDC0087D0
                                    Function 04D10A31 Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e1e719221fbce0aaf8e4da20951a13c170767ee4ed8d953aff50ae15ad1aa1a9
                                    • Instruction ID: 5cc01465b70086736d090cf59d05e3b238833fd001f78fa4d21835192741c563
                                    • Opcode Fuzzy Hash: e1e719221fbce0aaf8e4da20951a13c170767ee4ed8d953aff50ae15ad1aa1a9
                                    • Instruction Fuzzy Hash: 7AF06D75E05209EFCB01EFA0E4815ACBF75EB05300B10809AD804DB30AE7769F069B91
                                    Function 06D3DF98 Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cccbcde1ad3879eef7f3a73e9761c2958a79dc9d93e8357af2b836955608cea0
                                    • Instruction ID: 7a9288fc26dfdb9aded15ab996ade81b5879bd473d33de2929517fbd2924b726
                                    • Opcode Fuzzy Hash: cccbcde1ad3879eef7f3a73e9761c2958a79dc9d93e8357af2b836955608cea0
                                    • Instruction Fuzzy Hash: 88F015B4D04358EFCB54DFA4D045AACBBBAFB09300F1081A9E84897300D7719A50DF90
                                    Function 04D1A1F0 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3cfd6a6ad3a7b46435a1b449b21d676b86c838518373d74e4cb4279e9a3827ac
                                    • Instruction ID: ccae9a926c0ef32af4376033965b2474bec910aa196827b43f7b25fda99e8f4c
                                    • Opcode Fuzzy Hash: 3cfd6a6ad3a7b46435a1b449b21d676b86c838518373d74e4cb4279e9a3827ac
                                    • Instruction Fuzzy Hash: FAE0DF332052420BD212A2ADE88008EF792EBC5224B148A6BD255CB256DAA4EC8687D8
                                    Function 04D16200 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eadc45bc0cb3bd6d04b33943cb369739e8ce1094b64a9bd9d19d52ea43f3f75e
                                    • Instruction ID: b21b406e90f4ccdaa60eb23a2770272d17b4fcf9516ec4e8841ea8c711a43858
                                    • Opcode Fuzzy Hash: eadc45bc0cb3bd6d04b33943cb369739e8ce1094b64a9bd9d19d52ea43f3f75e
                                    • Instruction Fuzzy Hash: 00E0E29AA0E3C00FD723023018A22802F20AB53286B6E02CBD080CA5A3E18A494FC392
                                    Function 04D18F48 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ff8c2d3e109d47d93e7724ca92902472dca75895c8515278e5cf91504a5769d1
                                    • Instruction ID: 4ef4f397e1847a1ff2750298bafd840cb910a3f74d6facdc51acca2dfcf84cf6
                                    • Opcode Fuzzy Hash: ff8c2d3e109d47d93e7724ca92902472dca75895c8515278e5cf91504a5769d1
                                    • Instruction Fuzzy Hash: 19E09279F08244AFEB05DF69A8405E97FF69B89124B1880EBE88CD7266EA306D418750
                                    Function 06D31FD0 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f991d6ffbcbc6ac3d7caa1c412d39180f2fe6d126d491645a7ed85c9abb04464
                                    • Instruction ID: 578730d662dfd8df681cb506616cc850dd64d77fec1a551d5ca26e40b2a6925c
                                    • Opcode Fuzzy Hash: f991d6ffbcbc6ac3d7caa1c412d39180f2fe6d126d491645a7ed85c9abb04464
                                    • Instruction Fuzzy Hash: 04E08634B10228EFF7145A569825B36355E97C8B11F104055F60DAF3C8DDD2DD51C7E5
                                    Function 06D31FC0 Relevance: .0, Instructions: 24COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cc58ca61e49afe2ac3487d99b78fd9ccd9858d0adcccb2e5e98d7c6335a619f1
                                    • Instruction ID: 30cdb084722acdb77dde0d80c065098dbe9b6a0230646f6c2c2f33e0ae854318
                                    • Opcode Fuzzy Hash: cc58ca61e49afe2ac3487d99b78fd9ccd9858d0adcccb2e5e98d7c6335a619f1
                                    • Instruction Fuzzy Hash: C1E0267BF04220DFF7200E518E12735360A9BC8B21F060456E50CAF3C8C9A1C855C392
                                    Function 06D33CB9 Relevance: .0, Instructions: 24COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 50941abcbb9a69b4c568c67269df1c888ae470dbafcca95e2bce51b285b9e392
                                    • Instruction ID: a1a2f5bef0197ce91d52efb93a0918df669e59be2a945ace01049f357fbdc1aa
                                    • Opcode Fuzzy Hash: 50941abcbb9a69b4c568c67269df1c888ae470dbafcca95e2bce51b285b9e392
                                    • Instruction Fuzzy Hash: 4BE0264164E2F88FE71647340A211A17F996A0220471E0096E084CA242C909C544CB73
                                    Function 06BE9438 Relevance: .0, Instructions: 24COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 928d0ac224b4d6862e267ddf4d6af0db90c7b34787baa3f825c247dec8b54630
                                    • Instruction ID: f2a6f5484ef2c3ceda5be5189ed6536f35b75c77398eea7ecf9e520fc827558d
                                    • Opcode Fuzzy Hash: 928d0ac224b4d6862e267ddf4d6af0db90c7b34787baa3f825c247dec8b54630
                                    • Instruction Fuzzy Hash: EEE026B794D3910FEBB242242891289BB51EB51220F2948CBD0E0C70E9C1594A4E8391
                                    Function 04D187DE Relevance: .0, Instructions: 23COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b9e9068fb72f90ae87557f3cbd7b3f0cd5da98923d96d478b744625d5d1c7919
                                    • Instruction ID: 25fd84473a14325b0a346e99d8f1aebf303e74e2ef7dd1dca7ecfc62b8b0a9a6
                                    • Opcode Fuzzy Hash: b9e9068fb72f90ae87557f3cbd7b3f0cd5da98923d96d478b744625d5d1c7919
                                    • Instruction Fuzzy Hash: 59E01A76E5011DEADB14AB92F5047EEBB70FB45726F200812E652B15A0C7351594DA90
                                    Function 06BE0678 Relevance: .0, Instructions: 23COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 99176cba9ca2050166e27347f4b94bbafec3f3bb905eaea5f268a5fb1cdc7f22
                                    • Instruction ID: f428c1b38057d241949a04d2549a18db0915b3800e8ed5327f080f62e7b27086
                                    • Opcode Fuzzy Hash: 99176cba9ca2050166e27347f4b94bbafec3f3bb905eaea5f268a5fb1cdc7f22
                                    • Instruction Fuzzy Hash: 03D012367140205B8318665EA8848AEB7DEDBCD96175540BAE10DD7311DD619C0647A4
                                    Function 04D10624 Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3d6157ef2ac809469dcf973c3e2bde39cc55b666663ce0a86930ccb58f55ec19
                                    • Instruction ID: 4ad61d852b86bcbe872327e5581e7d60864eef2c9ea3170d947cacb8b734283b
                                    • Opcode Fuzzy Hash: 3d6157ef2ac809469dcf973c3e2bde39cc55b666663ce0a86930ccb58f55ec19
                                    • Instruction Fuzzy Hash: FEE0C277245218BF9B126B89AC44CE6BF9AEF49330708C956F60A47532C612E850EBA5
                                    Function 04D1B1E9 Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a1046da1f50938597a825437d59739b172e990077af00c985c8636bd2b76a01
                                    • Instruction ID: 7cca00a69f9a14bfa5ee3fed5255dcfa2481bba50002f7d7091b9d8a01e259fa
                                    • Opcode Fuzzy Hash: 1a1046da1f50938597a825437d59739b172e990077af00c985c8636bd2b76a01
                                    • Instruction Fuzzy Hash: 63E026716042A01FC3289675E8508AEBBB3BFD5310718826FC449CB282E9755846CB84
                                    Function 06BE4E28 Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0ea14088701f69a7e4249a04ecbc79a28e43b56588b268ca11007aaf3b02e3c4
                                    • Instruction ID: 0eb363376360ae9174ce96a4a25d2e942e369559d1152244102c345e53950ffb
                                    • Opcode Fuzzy Hash: 0ea14088701f69a7e4249a04ecbc79a28e43b56588b268ca11007aaf3b02e3c4
                                    • Instruction Fuzzy Hash: 60E04830314650CFC714D76DE484EA57BE5BF8A511F1444EAF085C7365CB61EC00CBA0
                                    Function 06BE9C3A Relevance: .0, Instructions: 22COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 051ab0e4e12c3ad4316726c0628d327c3423e9c9ff954008b924a5fe0814c211
                                    • Instruction ID: 9bb1d54db22f7a88ca1cbf9555632d01f8c96b726758c95fb291cf676a42061c
                                    • Opcode Fuzzy Hash: 051ab0e4e12c3ad4316726c0628d327c3423e9c9ff954008b924a5fe0814c211
                                    • Instruction Fuzzy Hash: BCE08679B161548FD791F63CF8507AAB7A2C781215F14A168F104E775CDB34D8068BD1
                                    Function 04D10D60 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6df2adf7594f70e7474742e92122aa99e9beec92a1a01c51c1ac45fe40365201
                                    • Instruction ID: b8ff44d3e96437a6d25d7bc17621b69a8869b827e3d93b4771833c393cc98a0f
                                    • Opcode Fuzzy Hash: 6df2adf7594f70e7474742e92122aa99e9beec92a1a01c51c1ac45fe40365201
                                    • Instruction Fuzzy Hash: 37E0C2371011147F8B032B85E881CC9BF96EB09230708C396F21D4B6B2C652C460EB90
                                    Function 04D12823 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b74dfd6ba7557ce989c1d15aa0c0155684afb2c99081564d404ee0fb03a47ef
                                    • Instruction ID: 44a34de3e93a38266d43b7cf1dd381955561bc36441088e9d36b95082d830cdc
                                    • Opcode Fuzzy Hash: 6b74dfd6ba7557ce989c1d15aa0c0155684afb2c99081564d404ee0fb03a47ef
                                    • Instruction Fuzzy Hash: 00E0E6366100109FC715DB1CE4857D937A5FB4A354F1941F7E959AB325D276A8438780
                                    Function 06BE7F68 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dcb8b8b5fa171c9e7d1c72e3e1429e32eb669718be0bfa32b7f63daf081564f7
                                    • Instruction ID: 65ea3b1120bbda208abad4cef7a57ef9dc83b66ce1f459e23ec7be36cd59ea4b
                                    • Opcode Fuzzy Hash: dcb8b8b5fa171c9e7d1c72e3e1429e32eb669718be0bfa32b7f63daf081564f7
                                    • Instruction Fuzzy Hash: 7FE0D8720182996FDF11CF64D8449DA7FA6EB05325F0543C5F8949B193C73246A3D751
                                    Function 06BE45A0 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6343bbe5c4927446f42f9a7573fb817c68b47a7213d09fcdf10c8435294d094b
                                    • Instruction ID: 058f89e4628c1771b94369bbb94bc11defb0bd4f5172b235ab2627e3375f21c8
                                    • Opcode Fuzzy Hash: 6343bbe5c4927446f42f9a7573fb817c68b47a7213d09fcdf10c8435294d094b
                                    • Instruction Fuzzy Hash: E3E0A932D00149EFCB11CBA0C9448CDBF32FB45304F1082CAD8256B280DA312B12CB80
                                    Function 06BE82EC Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 86217f0ea899bf46c1b540a1d6fc0c80302dc92558854198c4b38fefca687f3c
                                    • Instruction ID: f8f69ed023614b68b88f80d47d05db00f615bd6b06f066c06aafa942e1b74c50
                                    • Opcode Fuzzy Hash: 86217f0ea899bf46c1b540a1d6fc0c80302dc92558854198c4b38fefca687f3c
                                    • Instruction Fuzzy Hash: 05D0957764402046D6B0F514BCC17D93351FFC4300F28CD87E092E7144C519C5868191
                                    Function 06BE7031 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 64b4c03bc2c26be444c8a371ed00222d1cea693acd333f3cc8d2bbb1614bbe75
                                    • Instruction ID: d9846c015f981368b63baaac6c2f796609c185860b05d9b44bed817fd38f8d3f
                                    • Opcode Fuzzy Hash: 64b4c03bc2c26be444c8a371ed00222d1cea693acd333f3cc8d2bbb1614bbe75
                                    • Instruction Fuzzy Hash: EFD05BE3B4482513DBA532746C3117C26464B95920F0911F5C56DC7391DF4E4E1382DB
                                    Function 04D1B658 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 28a71026a447d4f8ef051c9c2143fcab97c1dad682462a5c99d2557a1d333e11
                                    • Instruction ID: d1170a4a50073476f2af46937057cf0044640c3cb5c464a1b846fb4d87d44539
                                    • Opcode Fuzzy Hash: 28a71026a447d4f8ef051c9c2143fcab97c1dad682462a5c99d2557a1d333e11
                                    • Instruction Fuzzy Hash: F3D05E397001558BD604226EA42C79EFA9FDBC8761B04402AE90AD7390CEB9EC428AE5
                                    Function 04D14B18 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 30ff5a6a36fd01a6dbb866793f05f28fbffa37eeb48ccf77384e4704b0a008ca
                                    • Instruction ID: bbf0c0581bf60302a5ee61b1295e6b49ff9a11b242f352a5ec23ecf1723aec8f
                                    • Opcode Fuzzy Hash: 30ff5a6a36fd01a6dbb866793f05f28fbffa37eeb48ccf77384e4704b0a008ca
                                    • Instruction Fuzzy Hash: AAD05E323501249FC3149BB8F948E9277ECEB48A69B0180A6E60CCB261DA62EC108790
                                    Function 06D376D9 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: df5863f56ab0e70f13ccb30b4117b0536e992cb7e46787640fa42d111843b8cd
                                    • Instruction ID: 0570b23175f3a52058381e0f4a1cec761565c7d3e4ab985f3e047461bc745a3b
                                    • Opcode Fuzzy Hash: df5863f56ab0e70f13ccb30b4117b0536e992cb7e46787640fa42d111843b8cd
                                    • Instruction Fuzzy Hash: 8CD0175744C7A19AE7923B7888A13CA3F208FA2304F055097D2C484092D424C49BE6AF
                                    Function 06BE3F1E Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: da35a6bc89bfae7eb0834f274919e2e8ecbbb0b8856a902fa4d744a1cf250d03
                                    • Instruction ID: d7df91c1a9e9275a9f60a414b91784eeeeed22692adaf972d092475aeff621a7
                                    • Opcode Fuzzy Hash: da35a6bc89bfae7eb0834f274919e2e8ecbbb0b8856a902fa4d744a1cf250d03
                                    • Instruction Fuzzy Hash: 38E01A31A10015CFCF849F68E8487EC73F5FB44216F4140A5E119EB1B0DF789985CB50
                                    Function 06BE3351 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cfb77be452714ad461346f47bbe0d646c398d670a23fa45f6672da200c7315df
                                    • Instruction ID: d74da1dcb019dc004fc53b8345e54552effdc7429e947c7f78b34aec0c2c75d9
                                    • Opcode Fuzzy Hash: cfb77be452714ad461346f47bbe0d646c398d670a23fa45f6672da200c7315df
                                    • Instruction Fuzzy Hash: 9AE0C27270514187F711BA7195597AA3787EB94316F49449AA0048B1C9EB28C812CB61
                                    Function 06BE70E9 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0292f1afc8845efc19e1593c52c09936fa1bc491dbcdf0d12bb33adce76282e
                                    • Instruction ID: 30e61a6fecfa399ee008cc7b91581a835b26eceb8d6a1114fe7c7fa628fa36a5
                                    • Opcode Fuzzy Hash: f0292f1afc8845efc19e1593c52c09936fa1bc491dbcdf0d12bb33adce76282e
                                    • Instruction Fuzzy Hash: 45E01AB1810218DECB90EF78DA045897BB4EB09252F01C9BAE8499A112EA31C698DF41
                                    Function 04D10A40 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 28a6ad9ac71d96b7668f70901d98510c01bb4e1237955014c20287bf6711d36e
                                    • Instruction ID: 1a296b0de4b991ff5b849dcdcf40864098c696f8677e4d7b7943e61a4a8f4c68
                                    • Opcode Fuzzy Hash: 28a6ad9ac71d96b7668f70901d98510c01bb4e1237955014c20287bf6711d36e
                                    • Instruction Fuzzy Hash: 86E08634A01209EFCB00FFA5E44056CBBB9FB443007208199D804D7308EB336E009F95
                                    Function 06BE9C88 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b1310b0845aaf037c4372520e810e22cc8a183808def802413e0f452c2333b8b
                                    • Instruction ID: d2c00a45ee272b6ca5b103990d28df0b8c0d4bbd2fdf43e5d44de77313cc79d0
                                    • Opcode Fuzzy Hash: b1310b0845aaf037c4372520e810e22cc8a183808def802413e0f452c2333b8b
                                    • Instruction Fuzzy Hash: C5E026B5B09380CFC398EF30D4404263BA3AF81305B2588FEC0594B3A1C736D881CB04
                                    Function 06BEBDB8 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 68ef256c9c3dc674d5734a7c62b4aac66c58ae23d41d83995ec1e65bac7aa78e
                                    • Instruction ID: 5c921b25d9662692de2b8e41ee1a07623918456bf1b6ddf9aa58a76f4a27ad50
                                    • Opcode Fuzzy Hash: 68ef256c9c3dc674d5734a7c62b4aac66c58ae23d41d83995ec1e65bac7aa78e
                                    • Instruction Fuzzy Hash: 59D012226495944B8716137938214ED3F7A4AC712131900F7E085C3162CD850847C759
                                    Function 06BE45B0 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 02962495ed789a4fd749f6c6961313a52afdf8953e9e06d1128bc79cea47705c
                                    • Instruction ID: 76565030dc9b899adc1951784814da7a74b1376a5e94051051c2317a8c679701
                                    • Opcode Fuzzy Hash: 02962495ed789a4fd749f6c6961313a52afdf8953e9e06d1128bc79cea47705c
                                    • Instruction Fuzzy Hash: FFE07E75D0020CEFCB50DFA4D9858DDBBB9EB48200F1082AAA919A6204EA306B159B81
                                    Function 04D1C058 Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea6221245ec0e186c5d2b66e3ada84526d4e2d4ae1f25c5283115668a643abd1
                                    • Instruction ID: 186194fd7e6be85e82b89b4055f4ec66c0aa2057bcf39c29ee6f13edc59aaf28
                                    • Opcode Fuzzy Hash: ea6221245ec0e186c5d2b66e3ada84526d4e2d4ae1f25c5283115668a643abd1
                                    • Instruction Fuzzy Hash: 02D05E313042241BD70D6A49A12079A76DA9FCD754F04C06BEA098B390D9B1AC0046E9
                                    Function 06BE8FA8 Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ada65d129925f1f3fd1642d30241191aa136941ebc76c4192878ff10effc1a8f
                                    • Instruction ID: 6f0e0219cd1f830989dfeb15821598fb2a1937a17d12e0c85e56c8e26daac6a2
                                    • Opcode Fuzzy Hash: ada65d129925f1f3fd1642d30241191aa136941ebc76c4192878ff10effc1a8f
                                    • Instruction Fuzzy Hash: E7D0A73670821427D718526FB4046B777DFDBC9225F0984BAE40D872418E7E5C03C790
                                    Function 06BE7F78 Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44ff8096a331cee9f8fc0f4af41e6927205a39a0ee5b4fb4aa65690e9e17bce2
                                    • Instruction ID: 04dfeb9e9bfa07dcc6270db01235bcb916ba34ffcb69abc63eaa6dfd1a995272
                                    • Opcode Fuzzy Hash: 44ff8096a331cee9f8fc0f4af41e6927205a39a0ee5b4fb4aa65690e9e17bce2
                                    • Instruction Fuzzy Hash: 97E0E23180020DAFCF00DFA8D8459ADBFB9EB44311F5185A5FC48E6251E7329BA4ABA1
                                    Function 06BE6258 Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ae576fe7efa21fa6e3ec91fe5f3f8c4c0e679aed0a62d2fbaa69e2e8d89c2335
                                    • Instruction ID: 863c4a250f9ecf20786507c8e61f01d7caeed54d3062f1eb9fad4f4d39b1134f
                                    • Opcode Fuzzy Hash: ae576fe7efa21fa6e3ec91fe5f3f8c4c0e679aed0a62d2fbaa69e2e8d89c2335
                                    • Instruction Fuzzy Hash: 09D05BB35041147BD7015754DC00985BF9A9B9D715B198065D5888B161E527D51387C3
                                    Function 04D1D1C8 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3f3c58fbe123986e5581a55def5fbcf4685969d97d52d681793dd0082bcd6346
                                    • Instruction ID: 6fb9bd722a55475b462e199fda0962324038143b6dca38570e44b45deafe3d7d
                                    • Opcode Fuzzy Hash: 3f3c58fbe123986e5581a55def5fbcf4685969d97d52d681793dd0082bcd6346
                                    • Instruction Fuzzy Hash: DCD0A7A9D0DB505ED72B1A6234001017FD8DF92215715849F9C989B672C23C684043D0
                                    Function 06BEFCA0 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b18d51382578f9c317a9505c8e3bf540a6869ea362f6c180ab40dd0c811bcf95
                                    • Instruction ID: f811b592555b0b1733411f0e7e05ee7dd601d94d011e893c952d1b603d52241a
                                    • Opcode Fuzzy Hash: b18d51382578f9c317a9505c8e3bf540a6869ea362f6c180ab40dd0c811bcf95
                                    • Instruction Fuzzy Hash: 1AD0A7B1B0C7504BC7563B3468162693B5A8F82515F0400FFDC258B6E2DFCC096583C6
                                    Function 06BE70F8 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8a9f0a90aeb5f5b4b67b39586f649613857b27e4bbf671d8d6cf05fdd7c389d2
                                    • Instruction ID: c812ef32caf8286f1f93e7f818a965284d834180cf9e9bd8d0898bd66d5aaa55
                                    • Opcode Fuzzy Hash: 8a9f0a90aeb5f5b4b67b39586f649613857b27e4bbf671d8d6cf05fdd7c389d2
                                    • Instruction Fuzzy Hash: 50E0EC7182071CDECB80EF74D9094997BF8EB05251F00D97AE809DA100EB30D298DF81
                                    Function 06BE7040 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5deb649bf8bae2b4a505903a217b20d96130277319f56eca303d01afac722fda
                                    • Instruction ID: c25556023c4c995c257e350439c6b2a6fe5be9d85820a4697b08cef2c09721f1
                                    • Opcode Fuzzy Hash: 5deb649bf8bae2b4a505903a217b20d96130277319f56eca303d01afac722fda
                                    • Instruction Fuzzy Hash: C1C012F27848391348E931786C3617D314E8B81864B0820F9D52AC7791CF4E1E1282EE
                                    Function 04D14C5B Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9653d97681daf4608d9bf0f98559846f9270579bff8ba1acf01f18eaed1a9b8c
                                    • Instruction ID: 2fe89e8720ccf3d4cda3b07097d9e38ba14df3198d58ca01e564eb4a65fe1268
                                    • Opcode Fuzzy Hash: 9653d97681daf4608d9bf0f98559846f9270579bff8ba1acf01f18eaed1a9b8c
                                    • Instruction Fuzzy Hash: 34D0C9736801507FDA0126A468429F9BB2AEB85768B640089E6449A112C6979D53CBA0
                                    Function 06BEBE90 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 787ba313406c5aa749889366baf414f8dc6f24ad032940e7979c1c751d96de1d
                                    • Instruction ID: c231d6f30db068b7e8dd49f7613647a936cafb3afc27fffee8fa2d938769763e
                                    • Opcode Fuzzy Hash: 787ba313406c5aa749889366baf414f8dc6f24ad032940e7979c1c751d96de1d
                                    • Instruction Fuzzy Hash: 13D02233250E2043A9B62658DC8226D738DCBC022270808AAE202D7B50CEAC988083DD
                                    Function 06BE5FC0 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2dc9991ae3ab550d29d55f24d101664a86b1037ac71d58c958eb3ed1c4396e53
                                    • Instruction ID: d6f8bfe6968253cfb34cccc1d9e1910f429e9b3736431699ce24af1b46fc22ba
                                    • Opcode Fuzzy Hash: 2dc9991ae3ab550d29d55f24d101664a86b1037ac71d58c958eb3ed1c4396e53
                                    • Instruction Fuzzy Hash: B9D0177290011CBBCF029E84E840AEA3B68EF05260F048026FD186A220C772A960ABA1
                                    Function 06BE2ADC Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d18d22b9285113bb4b970b92b7c9b2a71d97feee1206309ef9124da962394294
                                    • Instruction ID: 8f9aecb9c977bb38d09371f305cb908203ea5eea06f644b9b02b474ff0a25f1c
                                    • Opcode Fuzzy Hash: d18d22b9285113bb4b970b92b7c9b2a71d97feee1206309ef9124da962394294
                                    • Instruction Fuzzy Hash: CDD05E30524605CFC300BB2CD8458B5B7A4FF85705B040595E105A7225EB21F944C649
                                    Function 06BE3360 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1c5c23b0157a5c7e16fb46834d17b7005fbbfb6811f0c4d8986315092fd77082
                                    • Instruction ID: 4a52a24972ffe1aafd5ef030fafaeec42ea2a7d7c7f20d57711c169a6cf58a8b
                                    • Opcode Fuzzy Hash: 1c5c23b0157a5c7e16fb46834d17b7005fbbfb6811f0c4d8986315092fd77082
                                    • Instruction Fuzzy Hash: F9D0A73030120487F7103FB6545573A33CEFB94606B4580955505C7188EF2CD8409A75
                                    Function 06BE70B1 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fab123b9e642761f3e84da1cefbf2850329d359f32c0158c008895e9dcf0b0cb
                                    • Instruction ID: 9633248132ed464095236ec6755bbc97a7500388cfa51fdb50a8c34d65c029e7
                                    • Opcode Fuzzy Hash: fab123b9e642761f3e84da1cefbf2850329d359f32c0158c008895e9dcf0b0cb
                                    • Instruction Fuzzy Hash: D3E01272914A448FD301DB38D8459A4BB71AF99715B1A0295D1499B222F622D8158B01
                                    Function 04D12518 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5fc1357296fb5eef44b4526aed5b47fe10db334c7a9c20c54f3d5341717bab0b
                                    • Instruction ID: f27940c5e09cb18a19b5a6bad47d10471f124dc2d06abd4a14e34341945afbb7
                                    • Opcode Fuzzy Hash: 5fc1357296fb5eef44b4526aed5b47fe10db334c7a9c20c54f3d5341717bab0b
                                    • Instruction Fuzzy Hash: 07D05E3700814CBFCB036BD0EC55D90BF65EF59200B0980E2ED4C8E032D6A28665EF51
                                    Function 04D15BC6 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c70aa636235b324b4a748a2860519d1ba02e2060f9f7d67bd8d3a359e4dd0dfa
                                    • Instruction ID: 29d3abf5e43f7e5f455c512dcb5ca55ea8f17ae3670bd24ad69ed6cfa577d812
                                    • Opcode Fuzzy Hash: c70aa636235b324b4a748a2860519d1ba02e2060f9f7d67bd8d3a359e4dd0dfa
                                    • Instruction Fuzzy Hash: A1E0B674640209DFD704DF60D595A6977F2BF88304F254458D402AB371CA75AD45CF50
                                    Function 06BEBDC8 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d740156e373e28440b2e3abcff581534ef4b1ea8644edc7e6aa3de3007c021f6
                                    • Instruction ID: 2daaecf0b1731829c4073449f494fb948e356f2c9fc54fe4c710a537b0cdb082
                                    • Opcode Fuzzy Hash: d740156e373e28440b2e3abcff581534ef4b1ea8644edc7e6aa3de3007c021f6
                                    • Instruction Fuzzy Hash: AAC08C33710824130609219E78048AE779ECAC9932708007BF10DC33008ED09C0242ED
                                    Function 06BE30A9 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a028b72bb13f66f3b13ef9ee42791b3ff720e7eda942d1ddddc6ff2c966cd903
                                    • Instruction ID: 98d54ce995ed0a08b226297a633de9161ac006fce4d164a4cbc384291ded4fef
                                    • Opcode Fuzzy Hash: a028b72bb13f66f3b13ef9ee42791b3ff720e7eda942d1ddddc6ff2c966cd903
                                    • Instruction Fuzzy Hash: 85D09EBB405004AFD7425B90DC04D857F669F59311F1A8091A50C4F172D672C962E751
                                    Function 06BE29E0 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0a120153344e67a9c36759967dc745165f0692a6b76447f437df882d135e1b18
                                    • Instruction ID: f701ccda77ac37cea8b7042d0281cff9a3d8bf3ccade5dbfc6043b6fd20f5723
                                    • Opcode Fuzzy Hash: 0a120153344e67a9c36759967dc745165f0692a6b76447f437df882d135e1b18
                                    • Instruction Fuzzy Hash: E2D052B79052608FD3010F08B8483D93BDAEFCA322F2F00BAD4848F206C27688038782
                                    Function 04D1C761 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ba28927cb2e49e67a342fefd860a816cc50e3abe5d9244e8d5294208edb2451
                                    • Instruction ID: cb76ceb0708cc8775257c2bd5af0b1816314771ea8ca706e4b5aa745582cd55f
                                    • Opcode Fuzzy Hash: 7ba28927cb2e49e67a342fefd860a816cc50e3abe5d9244e8d5294208edb2451
                                    • Instruction Fuzzy Hash: D3D012BA919344FEE7224E6656043013A61BB13A5AF3541E7C8CDCE173C7652805D3A6
                                    Function 04D14C60 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7605b987148b5608968036e44f49c83c4229196361b89aae012ec3617cfa44fe
                                    • Instruction ID: 8d0330d417fa071ccdd240aa5339b08feb3bdba508a36ad886cc34a380bdcfd0
                                    • Opcode Fuzzy Hash: 7605b987148b5608968036e44f49c83c4229196361b89aae012ec3617cfa44fe
                                    • Instruction Fuzzy Hash: C6C080333401147FD50135C46C01D567B1DEB45768B5400C9F7041F112D553EC1387D0
                                    Function 04D169F0 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a3f576ace2414e435018b1b3d1fa097b10e61b9368fb1322bebb7eb668cc414b
                                    • Instruction ID: f16cd5f3c1b207f8e6eb20f391c2888dd24a1e09ca511749e329e4003e4df0a6
                                    • Opcode Fuzzy Hash: a3f576ace2414e435018b1b3d1fa097b10e61b9368fb1322bebb7eb668cc414b
                                    • Instruction Fuzzy Hash: 0BE042B5A40109DFD710DFA8E5A9AADBBB0FB08315F20845AD916BB261DB74A844CF50
                                    Function 06BEFCB0 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3d21838f262e1fff9b74383eec4cfa60259f234fd50bcc55ba88b6612d58172
                                    • Instruction ID: fe08ddf265fb0c43e672897f69f85651cfbf44a70af8b3c74befb67fd95b3453
                                    • Opcode Fuzzy Hash: c3d21838f262e1fff9b74383eec4cfa60259f234fd50bcc55ba88b6612d58172
                                    • Instruction Fuzzy Hash: DEC08C71308B2803CB993269680627E728D8F80529F0000DEEC2A477808FC8196082C9
                                    Function 06BE6268 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 46fbb499974ffa4cf64af94eb6eae5928938cf30d44e97fc453ff72062784b58
                                    • Instruction ID: 7827f8152d232ea5f3ef510c4402033de18ec56772dbf7b92a8fe61ecf395c67
                                    • Opcode Fuzzy Hash: 46fbb499974ffa4cf64af94eb6eae5928938cf30d44e97fc453ff72062784b58
                                    • Instruction Fuzzy Hash: 07C012331001187B4A41AB95D800C86BBADAF49654304C0A6E5088B121D623E55297D1
                                    Function 06BEEC5A Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 71a1f2553cb506491170b01515acd63454b30e91226ead4334dd81291650fa1b
                                    • Instruction ID: 5ee843d925887f10bddc6ec9e2e45d46d2446c9f54133d835ccfad215a564e4b
                                    • Opcode Fuzzy Hash: 71a1f2553cb506491170b01515acd63454b30e91226ead4334dd81291650fa1b
                                    • Instruction Fuzzy Hash: 00D0C7765041049FD740CF24D445ED97BB2FF54324F1580A5E84947722C332D917CF40
                                    Function 04D12528 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1640016d7b1522d43ab248327bc411610a219390d61b4efb1778a4b4c9539388
                                    • Instruction ID: 794b28c37f93a561c2342ee3adae7813db216c5253a22ad7c8637199cfa7f3ba
                                    • Opcode Fuzzy Hash: 1640016d7b1522d43ab248327bc411610a219390d61b4efb1778a4b4c9539388
                                    • Instruction Fuzzy Hash: 9FC00237004108FFCB426BC0DD44D45BBA9EF98210B49C091F64D4E532D672D560EF55
                                    Function 06BEEC30 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 37d36beec30f60fda31707dd80598048eabe7afc4b22eb2b5dd75aca72c64432
                                    • Instruction ID: 392e37fab66cf2523b4000842e0caef3b6ade644e8dcf3c0933d1c664710d728
                                    • Opcode Fuzzy Hash: 37d36beec30f60fda31707dd80598048eabe7afc4b22eb2b5dd75aca72c64432
                                    • Instruction Fuzzy Hash: 34D012F4A8C7408FC751AB748414699BF52BFBA208F56525FC19005201C66200B68751
                                    Function 06D3CB20 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 595909f9b5f6f946eba75105aee207fa13e5bfa0b170904169c74410f68fbd56
                                    • Instruction ID: d1ba47aa0a6a4ebe7a99a949b45af4e07608c697f3fc5fcb43c46d7890027d01
                                    • Opcode Fuzzy Hash: 595909f9b5f6f946eba75105aee207fa13e5bfa0b170904169c74410f68fbd56
                                    • Instruction Fuzzy Hash: 9DC08C30011B048BC22427D4E50F3383BACAB00702F401158F44C480118F690840DA91
                                    Function 06BE30B8 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3e769b5d305b4d8b1b40013186f4e5d464f1b1a72985d2ec039de4edd632f22
                                    • Instruction ID: 632797e7e3ea27e5d90fa5c0e82b91ab6cfe04ed66f6b2000e8eaed842b68ac7
                                    • Opcode Fuzzy Hash: e3e769b5d305b4d8b1b40013186f4e5d464f1b1a72985d2ec039de4edd632f22
                                    • Instruction Fuzzy Hash: 92C0023B000108AE8B426B94DD08C85BBAAAB49250705C0A1A6094E132D772D9B4EB55
                                    Function 06BEEC68 Relevance: .0, Instructions: 9COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                    • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                    • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                    • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                    Function 04D15BEE Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098801206.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4d10000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e853c85948f2091032022c0913b35f927a45b9e0ee88a3028c0318c809c12230
                                    • Instruction ID: ffbf932fe9a6f9ae65def8cfb4350b5ebe5fc57b536f19b8d5be2b2f99eae43e
                                    • Opcode Fuzzy Hash: e853c85948f2091032022c0913b35f927a45b9e0ee88a3028c0318c809c12230
                                    • Instruction Fuzzy Hash: B3B09234A01225CFC708DB30C86086973B2BF8D3957658868C002DB2A4CA369C81CE10
                                    Function 06D376FC Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7c04a3c463d3a540e9f60fa03e1956900440cebf845a2d08015ea5358248e0fd
                                    • Instruction ID: 6cbe975ff00de4cae8b47f2ad6c7cf4fcaa2c6320c8c1ce1c9461033f2a7918d
                                    • Opcode Fuzzy Hash: 7c04a3c463d3a540e9f60fa03e1956900440cebf845a2d08015ea5358248e0fd
                                    • Instruction Fuzzy Hash: 9AB012A7694721E9F58036644C4092BA520FBB1700F00EC15334660040C431D4A5F13F
                                    Function 06BE2840 Relevance: .0, Instructions: 7COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f19a19c3f50722f794fee9528fd73f3379baaf42295acdf80bf34fdfb2db67f7
                                    • Instruction ID: 05a9d546a6eac95ec01ebeabe1567dfb480b5d9787d5e49daa1d4733428483c9
                                    • Opcode Fuzzy Hash: f19a19c3f50722f794fee9528fd73f3379baaf42295acdf80bf34fdfb2db67f7
                                    • Instruction Fuzzy Hash: C8B012D7C046401BEF2108000CC43C32F8263AA711FEF0085C4404F282E014A5179603
                                    Function 06D34540 Relevance: .0, Instructions: 3COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 549b1e73eaee8c00bc60415c5d274c26a6687078f9f95d9ca988706786c78525
                                    • Instruction ID: e6e8a9648b2417b038d50fb227a54f877f06c8ea3f91f16ac8c4048d9c1d7da7
                                    • Opcode Fuzzy Hash: 549b1e73eaee8c00bc60415c5d274c26a6687078f9f95d9ca988706786c78525
                                    • Instruction Fuzzy Hash: 08A011B0808208AAE3200E0080082283FB0A308B08F008028A00220200CBBC82808F80

                                    Non-executed Functions

                                    Function 04C30040 Relevance: .3, Instructions: 315COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dff534534493eb14f8f953126a12c2bdfc6df04177379f7ab01c86c431304654
                                    • Instruction ID: fb506de3d33b85f20ea6a5b119d22f789cc46a2603b4da32f4d039c415dcd083
                                    • Opcode Fuzzy Hash: dff534534493eb14f8f953126a12c2bdfc6df04177379f7ab01c86c431304654
                                    • Instruction Fuzzy Hash: 241286B4C927458AE310CF65EC4C1893BA1B741314BD26A19DA613B2E1FBF4166EEF4C
                                    Function 09C819D8 Relevance: .3, Instructions: 312COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f3f24d2f26e09081bd11bf36e07c6c718e1e463309a961dd380d735e32d9c49
                                    • Instruction ID: c6e9f7ee9896c8416b46898197b68c3d5debfd006072f76436393ab5f21bcf18
                                    • Opcode Fuzzy Hash: 5f3f24d2f26e09081bd11bf36e07c6c718e1e463309a961dd380d735e32d9c49
                                    • Instruction Fuzzy Hash: CFE1FB74E042198FDB14DFA9D584AAEFBF2FF89305F248169D414AB356D730A942CFA0
                                    Function 09C815A0 Relevance: .3, Instructions: 312COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c08a29fda94acdd3e32524e7f317ed11bb052c411777079b9d43be9bace9250b
                                    • Instruction ID: eef53a950233479fe57db9ea34c62b04901e83e5afcd0c2725e32599d7f040e2
                                    • Opcode Fuzzy Hash: c08a29fda94acdd3e32524e7f317ed11bb052c411777079b9d43be9bace9250b
                                    • Instruction Fuzzy Hash: 42E11B74E042198FDB14DFA9D5809AEFBF2FF89305F248169D454AB35AD730A942CFA0
                                    Function 09C81168 Relevance: .3, Instructions: 312COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9415680372fd67cc02e42fd5eea3fdfc79dca1d78f98cd32dae6555800c15512
                                    • Instruction ID: ea6c43b92dd31318d6a44f63a03115d3fefb7d1badc76d859d19b5ed03b46a32
                                    • Opcode Fuzzy Hash: 9415680372fd67cc02e42fd5eea3fdfc79dca1d78f98cd32dae6555800c15512
                                    • Instruction Fuzzy Hash: D9E10A74E042198FDB14DFA9D580AAEFBF2FF89305F248169D415AB356D730A942CFA0
                                    Function 09C83080 Relevance: .3, Instructions: 312COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 20ccdc68d352eea842e4acef870aaf5c38216fd064dbc635ff3707a154ceaed7
                                    • Instruction ID: 3dcd038174b0bddbcbdbc72a21923af1f1837532ba353ed3ddee0a575bc78bb1
                                    • Opcode Fuzzy Hash: 20ccdc68d352eea842e4acef870aaf5c38216fd064dbc635ff3707a154ceaed7
                                    • Instruction Fuzzy Hash: 67E11D74E002598FDB14DF99D5809AEFBF2FF89305F249169D814AB35AD730A942CFA0
                                    Function 09C834B8 Relevance: .3, Instructions: 312COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee38b46c8d54fd1401b743a545361ce9230a768f9c32a95f86c27f470760e612
                                    • Instruction ID: 3fcadfc6415b7f71b1a4b4eb5c8453461e46e35d375744bd9587a9b8bfc86123
                                    • Opcode Fuzzy Hash: ee38b46c8d54fd1401b743a545361ce9230a768f9c32a95f86c27f470760e612
                                    • Instruction Fuzzy Hash: 71E11AB4E002598FDB14DFA9D5809AEFBF2FF88305F249169D414AB356D731A942CFA0
                                    Function 06BE1760 Relevance: .3, Instructions: 308COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099539441.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6be0000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 742c44f7bafd883629f03a33602ece323c4e8a0af6375be110ab83addc598bc3
                                    • Instruction ID: 3d0685674758f088c1c2c7f248d20fc51dbc14899b5965bef9559b68cf58ba65
                                    • Opcode Fuzzy Hash: 742c44f7bafd883629f03a33602ece323c4e8a0af6375be110ab83addc598bc3
                                    • Instruction Fuzzy Hash: DCC14F74B006018FEB64DF39C484BAAB3E6FF85704F2495A9D456CB3A1DB75E842CB90
                                    Function 09C87020 Relevance: .3, Instructions: 298COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f28a439f219c744e82d7b82712c01f1dbb5288fbf20184170674f13638501027
                                    • Instruction ID: 764d08239ccc4fa9a10fb0d68894ff54a4ead13b820b148745985b1de596a63b
                                    • Opcode Fuzzy Hash: f28a439f219c744e82d7b82712c01f1dbb5288fbf20184170674f13638501027
                                    • Instruction Fuzzy Hash: 87D1B474A00605CFDB08DF69D598AAAB7F1BF8D705F2580A8E505AB362DB31ED41CF60
                                    Function 06D38408 Relevance: .3, Instructions: 270COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 01568b6ed30db580d155f9f41e5e411f77388adfdda4efb7ec2d5aedc927bce8
                                    • Instruction ID: 815be964b4d0e73663b8a02c1f36864f518670f7e374a883140a677e85c92219
                                    • Opcode Fuzzy Hash: 01568b6ed30db580d155f9f41e5e411f77388adfdda4efb7ec2d5aedc927bce8
                                    • Instruction Fuzzy Hash: CDD10835D20A5ACACB11EBA4D9916ADF771FF95300F10DB9AD14A3B214EB706AC5CF80
                                    Function 06D38418 Relevance: .3, Instructions: 264COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2099744463.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6d30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a683e04a0a2caaeb0c52877b92c05589fad03d5881e8ab94021306e7ef9eab05
                                    • Instruction ID: 401fdeb4d635bdf446456564a25482340c37a36f505258597e0df4b48433dd13
                                    • Opcode Fuzzy Hash: a683e04a0a2caaeb0c52877b92c05589fad03d5881e8ab94021306e7ef9eab05
                                    • Instruction Fuzzy Hash: 7FD11935C20A5ACACB11EBA4D9916ADF775FF95300F10DB9AD14A3B214EB706AC5CF80
                                    Function 0252D5BC Relevance: .3, Instructions: 264COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2095899123.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2520000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8239f5b3daa83838bfa88fd37b3365d1fa0d51f38fb5b9047f1a4eecce8a2767
                                    • Instruction ID: 33c26fbc78ec37c3c617194704f23c02e86585fa6e6c142ec6baf800e41862a5
                                    • Opcode Fuzzy Hash: 8239f5b3daa83838bfa88fd37b3365d1fa0d51f38fb5b9047f1a4eecce8a2767
                                    • Instruction Fuzzy Hash: 02A18132E002268FCF05DFB4D84059EBBB2FF86304B15456AE805BB2A5DB71E959CF80
                                    Function 04C30007 Relevance: .2, Instructions: 240COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2098707572.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_4c30000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3a5228cf5ce1b95fc6c9b0316e73586aff9439cfbaecdd1942f80abc4d922fea
                                    • Instruction ID: 385b4f19a04ca7958876c2ec870f7813476db18c2bf250a65411179495737731
                                    • Opcode Fuzzy Hash: 3a5228cf5ce1b95fc6c9b0316e73586aff9439cfbaecdd1942f80abc4d922fea
                                    • Instruction Fuzzy Hash: ABC127B0C827458BD311CF25EC481897BB1BB85314B926B09D6617B2D1FBF8166EEF48
                                    Function 09C81591 Relevance: .1, Instructions: 137COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cb7fb26f7949ed102540a20688c424b032388ad551d37e2894f901d9c45b9c0b
                                    • Instruction ID: a510de0e130ef70880b7a77f4ddc51d3e120333340645dc5501a77b836b8e946
                                    • Opcode Fuzzy Hash: cb7fb26f7949ed102540a20688c424b032388ad551d37e2894f901d9c45b9c0b
                                    • Instruction Fuzzy Hash: B0512A74E042598FDB14DFA9D9409AEFBF2FF89304F248169D448AB356D7309942CFA1
                                    Function 09C819C8 Relevance: .1, Instructions: 132COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93bc518e286b4e38da84152e186251c2ff08e07b40ff88c0d6f13a032d851be8
                                    • Instruction ID: 21d38b47c52616fdd28c29a7a1a853846e88ffc1bfff422d3d640cd89a6412a4
                                    • Opcode Fuzzy Hash: 93bc518e286b4e38da84152e186251c2ff08e07b40ff88c0d6f13a032d851be8
                                    • Instruction Fuzzy Hash: 9351FD74E042198FDB14DFA9D9445AEFBF2FF89304F24C169D418AB256D7309A42CFA1
                                    Function 09C834B0 Relevance: .1, Instructions: 129COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2100998648.0000000009C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 09C80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_9c80000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 128d2883c227c9f61158911305e67be96e57dabb80f8123e0fa5ec396ed91feb
                                    • Instruction ID: b151188b25d72d055fbf107fe10dff2c82c61cf05996f014e7d483ff5dcc8581
                                    • Opcode Fuzzy Hash: 128d2883c227c9f61158911305e67be96e57dabb80f8123e0fa5ec396ed91feb
                                    • Instruction Fuzzy Hash: 485109B0E002598FDB14DFA9D9805AEFBF2BF89304F24D169D418A7356D7319A42CFA0

                                    Execution Graph

                                    Execution Coverage:10.9%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:17
                                    Total number of Limit Nodes:4
                                    execution_graph 25141 166099b 25143 166084e 25141->25143 25142 166091b 25143->25141 25143->25142 25145 1661342 25143->25145 25147 1661356 25145->25147 25146 1661448 25146->25143 25147->25146 25149 1667059 25147->25149 25150 1667063 25149->25150 25151 1667119 25150->25151 25154 635ceb0 25150->25154 25158 635cec0 25150->25158 25151->25147 25155 635ced5 25154->25155 25156 635d0ea 25155->25156 25157 635d4d6 GlobalMemoryStatusEx 25155->25157 25156->25151 25157->25155 25159 635ced5 25158->25159 25160 635d0ea 25159->25160 25161 635d4d6 GlobalMemoryStatusEx 25159->25161 25160->25151 25161->25159

                                    Executed Functions

                                    Function 01669BC0 Relevance: 2.8, Instructions: 2822COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6e5abe5126be44603108b39a788e636945aa211438561a17b13198ed7c1b45f2
                                    • Instruction ID: d861445d2f530beb809176b78d0f3ae68c3b2de41c7969a744071ffb5e820d3b
                                    • Opcode Fuzzy Hash: 6e5abe5126be44603108b39a788e636945aa211438561a17b13198ed7c1b45f2
                                    • Instruction Fuzzy Hash: 7453F731D10B5A8ADB51EF68C8805A9F7B1FF99300F11D79AE45977221FB70AAC4CB81
                                    Function 0166CE50 Relevance: 2.3, Instructions: 2329COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e327aa6097df7b2609415bf1e1bc7ad0493beae80935227c18b55e8b568b3914
                                    • Instruction ID: 8b6ab30499d8327457fd35a71c3349672f222c16ec1646da8c8c9aac693887dc
                                    • Opcode Fuzzy Hash: e327aa6097df7b2609415bf1e1bc7ad0493beae80935227c18b55e8b568b3914
                                    • Instruction Fuzzy Hash: D1332E31D1061A8EDB11EF68C8906ADF7B5FF99300F15C79AE458A7211EB70AAC5CF81
                                    Function 01664A60 Relevance: .3, Instructions: 266COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d74c54227d3defa246ca7a42e159fd0d933cbedf71ed660e35fb8ea152c2db64
                                    • Instruction ID: f4391ffa9ea4b53c53c63975c09de16c7b0d8729d15cf8a8e4cd32c91e6e0446
                                    • Opcode Fuzzy Hash: d74c54227d3defa246ca7a42e159fd0d933cbedf71ed660e35fb8ea152c2db64
                                    • Instruction Fuzzy Hash: A8B16C71E00209CFEB14CFA9DC917AEBBF6AF88354F148529D815A7394EB749845CB81
                                    Function 01663E48 Relevance: .2, Instructions: 238COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 097858092d7c9b28b57c21f5f20e185feef5ebd58ec1551d27adf650f717db55
                                    • Instruction ID: a2a648e8b8cf67e559d4a6a823aef0b4cac42f12d54500d757828d4f8f545a28
                                    • Opcode Fuzzy Hash: 097858092d7c9b28b57c21f5f20e185feef5ebd58ec1551d27adf650f717db55
                                    • Instruction Fuzzy Hash: 37915A70E00249DFDB10CFA9CC857ADBBF6BF88714F148129E419A7394EB749845CB91
                                    Function 0635E0C8 Relevance: 1.6, APIs: 1, Instructions: 141COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1296 635e0c8-635e0e3 1297 635e0e5-635e10c call 635d4c8 1296->1297 1298 635e10d-635e120 1296->1298 1302 635e123-635e125 call 635d4d4 1298->1302 1304 635e12a-635e12c 1302->1304 1305 635e132-635e170 1304->1305 1306 635e12e-635e131 1304->1306 1305->1302 1311 635e172-635e17c 1305->1311 1311->1304 1312 635e17e-635e191 1311->1312 1314 635e197-635e224 GlobalMemoryStatusEx 1312->1314 1315 635e193-635e196 1312->1315 1318 635e226-635e22c 1314->1318 1319 635e22d-635e255 1314->1319 1318->1319
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3326852651.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_6350000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b6717eba2ddb7f48b83173b538c1ca91a2741a56ef58ae19f1f8a1c5b33c69f
                                    • Instruction ID: ed3291fd7586007342317270f29a6e4e531882986c12997483e71f7c937a14e4
                                    • Opcode Fuzzy Hash: 3b6717eba2ddb7f48b83173b538c1ca91a2741a56ef58ae19f1f8a1c5b33c69f
                                    • Instruction Fuzzy Hash: 51413572E0439A9FDB04DFB9D8046EEBFF1AF89210F15856AD804E7251DB349A45CBE0
                                    Function 0635E1B0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1411 635e1b0-635e1ee 1412 635e1f6-635e224 GlobalMemoryStatusEx 1411->1412 1413 635e226-635e22c 1412->1413 1414 635e22d-635e255 1412->1414 1413->1414
                                    APIs
                                    • GlobalMemoryStatusEx.KERNELBASE ref: 0635E217
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3326852651.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_6350000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID: GlobalMemoryStatus
                                    • String ID:
                                    • API String ID: 1890195054-0
                                    • Opcode ID: ced24d829b48d2637dd2a33db16f048d6be31d0afc86801867ffc62247c27c64
                                    • Instruction ID: c85f4fdfbde2994da9dadcbdccb952c1df730ad6d7a8698aeb799bd2b2f5fe61
                                    • Opcode Fuzzy Hash: ced24d829b48d2637dd2a33db16f048d6be31d0afc86801867ffc62247c27c64
                                    • Instruction Fuzzy Hash: 151112B1C0065A9BDB10DF9AD444BDEFBF4AF48224F15816AD818A7240D378AA54CFA5
                                    Function 01667988 Relevance: .6, Instructions: 555COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1984 1667988-166799f 1985 16679a1-16679a4 1984->1985 1986 16679a6-16679cc 1985->1986 1987 16679d1-16679d4 1985->1987 1986->1987 1988 16679d6-16679fc 1987->1988 1989 1667a01-1667a04 1987->1989 1988->1989 1990 1667a06-1667a2c 1989->1990 1991 1667a31-1667a34 1989->1991 1990->1991 1993 1667a36-1667a5c 1991->1993 1994 1667a61-1667a64 1991->1994 1993->1994 1996 1667a66-1667a8c 1994->1996 1997 1667a91-1667a94 1994->1997 1996->1997 2001 1667a96-1667abc 1997->2001 2002 1667ac1-1667ac4 1997->2002 2001->2002 2004 1667ac6-1667aec 2002->2004 2005 1667af1-1667af4 2002->2005 2004->2005 2011 1667af6 2005->2011 2012 1667b01-1667b04 2005->2012 2023 1667afc 2011->2023 2014 1667b06-1667b2c 2012->2014 2015 1667b31-1667b34 2012->2015 2014->2015 2021 1667b36-1667b5c 2015->2021 2022 1667b61-1667b64 2015->2022 2021->2022 2024 1667b66-1667b8c 2022->2024 2025 1667b91-1667b94 2022->2025 2023->2012 2024->2025 2030 1667b96-1667bbc 2025->2030 2031 1667bc1-1667bc4 2025->2031 2030->2031 2033 1667bc6-1667bec 2031->2033 2034 1667bf1-1667bf4 2031->2034 2033->2034 2038 1667bf6-1667c1c 2034->2038 2039 1667c21-1667c24 2034->2039 2038->2039 2042 1667c26-1667c4c 2039->2042 2043 1667c51-1667c54 2039->2043 2042->2043 2047 1667c56-1667c7c 2043->2047 2048 1667c81-1667c84 2043->2048 2047->2048 2052 1667c86-1667cac 2048->2052 2053 1667cb1-1667cb4 2048->2053 2052->2053 2057 1667cb6-1667cdc 2053->2057 2058 1667ce1-1667ce4 2053->2058 2057->2058 2062 1667ce6-1667d0c 2058->2062 2063 1667d11-1667d14 2058->2063 2062->2063 2067 1667d16-1667d2a 2063->2067 2068 1667d2f-1667d32 2063->2068 2067->2068 2075 1667d34-1667d5a 2068->2075 2076 1667d5f-1667d62 2068->2076 2075->2076 2077 1667d64-1667d8a 2076->2077 2078 1667d8f-1667d92 2076->2078 2077->2078 2085 1667d94-1667daa 2078->2085 2086 1667daf-1667db2 2078->2086 2085->2086 2087 1667db4-1667dda 2086->2087 2088 1667ddf-1667de2 2086->2088 2087->2088 2095 1667de4-1667e0a 2088->2095 2096 1667e0f-1667e12 2088->2096 2095->2096 2097 1667e14-1667e3a 2096->2097 2098 1667e3f-1667e42 2096->2098 2097->2098 2103 1667e44-1667e6a 2098->2103 2104 1667e6f-1667e72 2098->2104 2103->2104 2106 1667e74-1667e9a 2104->2106 2107 1667e9f-1667ea2 2104->2107 2106->2107 2112 1667ea4-1667eca 2107->2112 2113 1667ecf-1667ed2 2107->2113 2112->2113 2115 1667ed4-1667ed6 2113->2115 2116 1667ee3-1667ee6 2113->2116 2198 1667ed8 call 1669283 2115->2198 2199 1667ed8 call 16691e0 2115->2199 2200 1667ed8 call 16691d1 2115->2200 2122 1667f13-1667f16 2116->2122 2123 1667ee8-1667f0e 2116->2123 2125 1667f43-1667f46 2122->2125 2126 1667f18-1667f3e 2122->2126 2123->2122 2132 1667f73-1667f76 2125->2132 2133 1667f48-1667f6e 2125->2133 2126->2125 2127 1667ede 2127->2116 2135 1667fa3-1667fa6 2132->2135 2136 1667f78-1667f9e 2132->2136 2133->2132 2140 1667fd3-1667fd6 2135->2140 2141 1667fa8-1667fce 2135->2141 2136->2135 2144 1668003-1668006 2140->2144 2145 1667fd8-1667ffe 2140->2145 2141->2140 2148 1668033-1668036 2144->2148 2149 1668008-166802e 2144->2149 2145->2144 2153 1668063-1668066 2148->2153 2154 1668038-166805e 2148->2154 2149->2148 2158 1668093-1668096 2153->2158 2159 1668068-166808e 2153->2159 2154->2153 2163 16680c3-16680c6 2158->2163 2164 1668098-16680be 2158->2164 2159->2158 2168 16680f3-16680f6 2163->2168 2169 16680c8-16680ee 2163->2169 2164->2163 2173 1668123-1668126 2168->2173 2174 16680f8-166811e 2168->2174 2169->2168 2178 1668153-1668155 2173->2178 2179 1668128-166814e 2173->2179 2174->2173 2183 1668157 2178->2183 2184 166815c-166815f 2178->2184 2179->2178 2183->2184 2184->1985 2188 1668165-166816b 2184->2188 2198->2127 2199->2127 2200->2127
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4de8991dc9c6af5edfbf1ab5983ac70cbc06625a2f50c136d54b5cbff4928bd2
                                    • Instruction ID: cc69bbd4e5b5fd856fd37f6681fe152efe625ee2d7abedb22867dce8e014f444
                                    • Opcode Fuzzy Hash: 4de8991dc9c6af5edfbf1ab5983ac70cbc06625a2f50c136d54b5cbff4928bd2
                                    • Instruction Fuzzy Hash: A7126F3076010AABDB19AB3CE89566C7AA7FB85325F504A39E405CB355CF75EC4BCB80
                                    Function 016693E4 Relevance: .4, Instructions: 388COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fcad7883615189f2691bbbba3312c3068ada4bdcb393237ec179c6e51344ee2d
                                    • Instruction ID: a7fef3a4d9e641b10e10fddc9f939bc8819ce23e10dd51d161a13d96f53fe629
                                    • Opcode Fuzzy Hash: fcad7883615189f2691bbbba3312c3068ada4bdcb393237ec179c6e51344ee2d
                                    • Instruction Fuzzy Hash: 21E19334A00209CFDB15DF68D994AADBBF6EF89314F248469E906E7351DB39DC41CB50
                                    Function 01669760 Relevance: .4, Instructions: 363COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3015 1669760-166977a 3016 166977c-166977f 3015->3016 3017 1669785-1669788 3016->3017 3018 16698f8-1669902 3016->3018 3019 166978a-16697a4 3017->3019 3020 16697a9-16697ac 3017->3020 3019->3020 3021 16697ae-16697b1 3020->3021 3022 16697b8-16697bb 3020->3022 3024 16697b3 3021->3024 3025 1669828-166982b 3021->3025 3026 16697cc-16697cf 3022->3026 3027 16697bd 3022->3027 3024->3022 3028 1669903-1669983 3025->3028 3029 1669831-1669838 3025->3029 3026->3021 3030 16697d1-16697d4 3026->3030 3033 16697c5-16697c7 3027->3033 3072 1669a9a-1669aa1 3028->3072 3073 1669989-166998b 3028->3073 3032 166983d-1669840 3029->3032 3034 16697d6-16697f5 3030->3034 3035 1669800-1669803 3030->3035 3039 1669842-166985b 3032->3039 3040 1669860-1669863 3032->3040 3033->3026 3044 166988a-166988b 3034->3044 3045 16697fb 3034->3045 3036 1669805-166981e 3035->3036 3037 1669823-1669826 3035->3037 3036->3037 3037->3025 3037->3032 3039->3040 3042 1669885-1669888 3040->3042 3043 1669865-1669880 3040->3043 3042->3044 3047 1669890-1669893 3042->3047 3043->3042 3044->3047 3045->3035 3051 1669895-16698a3 3047->3051 3052 16698aa-16698ad 3047->3052 3064 16698c9-16698e5 3051->3064 3065 16698a5 3051->3065 3053 16698af-16698b5 3052->3053 3054 16698ba-16698bd 3052->3054 3053->3054 3058 16698c4-16698c7 3054->3058 3059 16698bf-16698c1 3054->3059 3063 16698e6-16698e8 3058->3063 3058->3064 3059->3058 3066 16698ef-16698f2 3063->3066 3067 16698ea 3063->3067 3065->3052 3066->3016 3066->3018 3067->3066 3114 166998e call 16693e4 3073->3114 3115 166998e call 1669510 3073->3115 3116 166998e call 1669760 3073->3116 3117 166998e call 1669910 3073->3117 3118 166998e call 166970e 3073->3118 3074 1669994-16699a0 3076 16699a2-16699a9 3074->3076 3077 16699ab-16699b2 3074->3077 3076->3077 3078 16699b3-16699da 3076->3078 3082 16699e4-16699eb 3078->3082 3083 16699dc-16699e3 3078->3083 3084 1669aa2-1669ad3 3082->3084 3085 16699f1-16699f5 3082->3085 3089 1669ad5-1669ad7 3084->3089 3086 16699f7-16699fe 3085->3086 3087 16699ff-1669a7e 3085->3087 3098 1669a80-1669a87 3087->3098 3099 1669a8e-1669a94 call 1669bc0 3087->3099 3091 1669ade-1669ae1 3089->3091 3092 1669ad9 3089->3092 3091->3089 3093 1669ae3-1669b1f call 1660368 3091->3093 3092->3091 3102 1669b27-1669b2a 3093->3102 3103 1669b21-1669b23 3093->3103 3098->3099 3099->3072 3105 1669b71 3102->3105 3106 1669b2c-1669b56 3102->3106 3104 1669b25 3103->3104 3103->3105 3104->3106 3108 1669b76-1669b7a 3105->3108 3113 1669b5c-1669b6f 3106->3113 3109 1669b85 3108->3109 3110 1669b7c 3108->3110 3110->3109 3113->3108 3114->3074 3115->3074 3116->3074 3117->3074 3118->3074
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4548b27765884c0d265338d2e3682545f96aec08d882900a7af80202ca762348
                                    • Instruction ID: a9aaaaa4ff7faf8d29f95711883aa45ec43c1d24257cf1acbf5b0fe5377d0457
                                    • Opcode Fuzzy Hash: 4548b27765884c0d265338d2e3682545f96aec08d882900a7af80202ca762348
                                    • Instruction Fuzzy Hash: A2D19E30E002098FDB14DF69D9807AEBBB6FF88314F24856AE909EB395D775D841CB91
                                    Function 01664184 Relevance: .3, Instructions: 297COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3221 1664184-1664188 3222 166410f 3221->3222 3223 166418a-16641f6 3221->3223 3225 1664111-1664115 3222->3225 3226 166411f-1664123 3222->3226 3236 1664240-1664242 3223->3236 3237 16641f8-1664203 3223->3237 3225->3226 3227 1664117-166411a call 1660ab8 3225->3227 3228 1664125-1664129 3226->3228 3229 1664133-1664137 3226->3229 3227->3226 3228->3229 3234 166412b 3228->3234 3230 1664147 3229->3230 3231 1664139-166413d 3229->3231 3230->3221 3231->3230 3235 166413f 3231->3235 3234->3229 3235->3230 3238 1664244-166425d 3236->3238 3237->3236 3239 1664205-1664211 3237->3239 3245 166425f-166426b 3238->3245 3246 16642a9-16642ab 3238->3246 3240 1664234-166423e 3239->3240 3241 1664213-166421d 3239->3241 3240->3238 3243 1664221-1664230 3241->3243 3244 166421f 3241->3244 3243->3243 3247 1664232 3243->3247 3244->3243 3245->3246 3249 166426d-1664279 3245->3249 3248 16642ad-1664305 3246->3248 3247->3240 3258 1664307-1664312 3248->3258 3259 166434f-1664351 3248->3259 3250 166429c-16642a7 3249->3250 3251 166427b-1664285 3249->3251 3250->3248 3252 1664287 3251->3252 3253 1664289-1664298 3251->3253 3252->3253 3253->3253 3255 166429a 3253->3255 3255->3250 3258->3259 3260 1664314-1664320 3258->3260 3261 1664353-166436b 3259->3261 3262 1664322-166432c 3260->3262 3263 1664343-166434d 3260->3263 3268 16643b5-16643b7 3261->3268 3269 166436d-1664378 3261->3269 3264 1664330-166433f 3262->3264 3265 166432e 3262->3265 3263->3261 3264->3264 3267 1664341 3264->3267 3265->3264 3267->3263 3270 16643b9-166441e 3268->3270 3269->3268 3271 166437a-1664386 3269->3271 3280 1664427-1664487 3270->3280 3281 1664420-1664426 3270->3281 3272 1664388-1664392 3271->3272 3273 16643a9-16643b3 3271->3273 3275 1664396-16643a5 3272->3275 3276 1664394 3272->3276 3273->3270 3275->3275 3277 16643a7 3275->3277 3276->3275 3277->3273 3288 1664497-166449b 3280->3288 3289 1664489-166448d 3280->3289 3281->3280 3291 166449d-16644a1 3288->3291 3292 16644ab-16644af 3288->3292 3289->3288 3290 166448f 3289->3290 3290->3288 3291->3292 3293 16644a3 3291->3293 3294 16644b1-16644b5 3292->3294 3295 16644bf-16644c3 3292->3295 3293->3292 3294->3295 3296 16644b7-16644ba call 1660ab8 3294->3296 3297 16644c5-16644c9 3295->3297 3298 16644d3-16644d7 3295->3298 3296->3295 3297->3298 3300 16644cb-16644ce call 1660ab8 3297->3300 3301 16644e7-16644eb 3298->3301 3302 16644d9-16644dd 3298->3302 3300->3298 3305 16644ed-16644f1 3301->3305 3306 16644fb-16644ff 3301->3306 3302->3301 3304 16644df-16644e2 call 1660ab8 3302->3304 3304->3301 3305->3306 3308 16644f3 3305->3308 3309 1664501-1664505 3306->3309 3310 166450f 3306->3310 3308->3306 3309->3310 3311 1664507 3309->3311 3312 1664510 3310->3312 3311->3310 3312->3312
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: abb5e60e4f895157bcf5d57afa800749c34d1b43d89a886a2c05988335d61569
                                    • Instruction ID: 74da440601a453c6fc20fe26051dc05c89ea607d8fb0acf84930ef442b97783e
                                    • Opcode Fuzzy Hash: abb5e60e4f895157bcf5d57afa800749c34d1b43d89a886a2c05988335d61569
                                    • Instruction Fuzzy Hash: 40C12970E00249CFDB10CFA9DC857AEBBFAEF88714F248129D815A7354EB749885CB91
                                    Function 0166195C Relevance: .3, Instructions: 275COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3313 166195c-166195e 3314 1661965-1661968 3313->3314 3315 166196a-1661994 3314->3315 3316 16618f9-166190a 3314->3316 3330 1661996-16619ab 3315->3330 3331 16619f4 3315->3331 3317 166190c-1661925 3316->3317 3318 16618b8-16618c2 3316->3318 3321 1661927 3317->3321 3322 1661930 3317->3322 3325 16618c4-16618ca 3318->3325 3326 16618da-166190a call 1661068 3318->3326 3321->3322 3322->3313 3327 16618ce-16618d0 3325->3327 3328 16618cc 3325->3328 3326->3317 3326->3318 3327->3326 3328->3326 3342 16619b0-16619c4 3330->3342 3333 16619f6-1661a18 3331->3333 3334 1661a54 3331->3334 3333->3342 3364 1661a1a-1661a1b 3333->3364 3335 1661ab4 3334->3335 3336 1661a55-1661a7b 3334->3336 3339 1661ab6-1661ac4 3335->3339 3340 1661b14 3335->3340 3365 1661a84 3336->3365 3345 1661ac6-1661adb 3339->3345 3346 1661b24 3339->3346 3343 1661b74 3340->3343 3344 1661b15-1661b1e 3340->3344 3355 16619c6-16619f3 3342->3355 3356 1661a24 3342->3356 3349 1661b76-1661b81 3343->3349 3350 1661bd4-1661bd6 3343->3350 3344->3346 3374 1661ae4 3345->3374 3352 1661b84 3346->3352 3353 1661b25-1661b3e 3346->3353 3357 1661b82 3349->3357 3360 1661bd7-1661bd9 3350->3360 3361 1661bc1-1661bc7 3350->3361 3358 1661b86-1661b88 3352->3358 3359 1661be4-1661be6 3352->3359 3380 1661b44 3353->3380 3355->3331 3356->3365 3366 1661a25-1661a2e 3356->3366 3357->3352 3367 1661b8e 3358->3367 3371 1661be7-1661be9 3359->3371 3372 1661bd1 3359->3372 3360->3357 3368 1661bdb 3360->3368 3361->3372 3364->3356 3365->3374 3377 1661a85-1661a98 3365->3377 3378 1661a35-1661a4b 3366->3378 3379 1661b91-1661ba1 3367->3379 3368->3359 3371->3367 3376 1661beb-1661bf7 3371->3376 3372->3350 3374->3380 3381 1661ae5-1661af8 3374->3381 3377->3378 3387 1661a99-1661a9b 3377->3387 3378->3334 3384 1661ba4-1661ba6 3379->3384 3380->3384 3385 1661b45-1661b71 3380->3385 3381->3387 3393 1661afa-1661b0e 3381->3393 3384->3379 3391 1661ba7-1661bb7 3384->3391 3385->3343 3392 1661a9e-1661ab1 3387->3392 3391->3361 3399 1661ab3 3392->3399 3393->3340 3399->3335
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3eed31b0a16b6d0c1df15321ccf239ffcab067b2340602595c02f55747a08ea5
                                    • Instruction ID: 215db712512da0cda1b0298101f6615510d09f8d6329a2d52f0d77edd9c014ff
                                    • Opcode Fuzzy Hash: 3eed31b0a16b6d0c1df15321ccf239ffcab067b2340602595c02f55747a08ea5
                                    • Instruction Fuzzy Hash: A1913F0245E7E25EE7136B7C9CB53DA3F648F83225F4A00D7C5C4CE1A3E514888ED6AA
                                    Function 01664A55 Relevance: .3, Instructions: 262COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 88d64dbaf5ba83af2ef9e0c93fb1431cbb9bb3bdc0067cb251bfaa65a3de8772
                                    • Instruction ID: 4b1a192b5fd61b4cd2fe12791532c3c9de08e5317b189279c824bcf6495e4862
                                    • Opcode Fuzzy Hash: 88d64dbaf5ba83af2ef9e0c93fb1431cbb9bb3bdc0067cb251bfaa65a3de8772
                                    • Instruction Fuzzy Hash: 73B16C71E00209CFDB10CFA9DC857DEBBF6AF88754F148129E819A7354EB749885CB91
                                    Function 01663E3C Relevance: .2, Instructions: 236COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e445d3248de1510e91521b75aa6cbaf909f7263d583c3d3ade1ef5ec03d40628
                                    • Instruction ID: 69475c2e8f60405c95a50351d020bb142e22d23db211274bd017e6670d07a64f
                                    • Opcode Fuzzy Hash: e445d3248de1510e91521b75aa6cbaf909f7263d583c3d3ade1ef5ec03d40628
                                    • Instruction Fuzzy Hash: E4914870E00249DFDB10CFA9DC857ADBBF6BF88714F148129E819A7394EB749845CB91
                                    Function 016647D8 Relevance: .2, Instructions: 180COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d06ade7281ed7d64a02ebfe5454e7151e8155848dd81d59bead014a62f385856
                                    • Instruction ID: 7d22f46de45f0d5aa997fde2feeb68fd39eeb8433761e8ff0d8d11411b7e4d1a
                                    • Opcode Fuzzy Hash: d06ade7281ed7d64a02ebfe5454e7151e8155848dd81d59bead014a62f385856
                                    • Instruction Fuzzy Hash: C4712870E00249DFEB14CFA9C8857AEBBF6BF88714F148129E415AB394EB749841CB95
                                    Function 016647CD Relevance: .2, Instructions: 178COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b6546cf4e08d0f7f13790971398676124e5e92c8eb4964453b1a11ae1037b97
                                    • Instruction ID: 607f398dbbcb96f99d8b47982b85895bdf67bdb1cd641bdd968259041271ab51
                                    • Opcode Fuzzy Hash: 2b6546cf4e08d0f7f13790971398676124e5e92c8eb4964453b1a11ae1037b97
                                    • Instruction Fuzzy Hash: 16714970E00249DFEB14CFA9C88579EBBF6BF88714F148129E815A7354EB749841CF95
                                    Function 01666E9F Relevance: .2, Instructions: 150COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1607db0f109045bdc94854fd5803ffaebccf83bb173a01bcc04ad749450fa87
                                    • Instruction ID: 6c55f8558ad1651785a9da50d9e1e64a23da0fe76166c1a93dc2748cd83eee61
                                    • Opcode Fuzzy Hash: c1607db0f109045bdc94854fd5803ffaebccf83bb173a01bcc04ad749450fa87
                                    • Instruction Fuzzy Hash: B751F330E102499FDB15DFA9C8507AEBBB6EF85310F50842AE406EB341EB71D846CB50
                                    Function 01666CA5 Relevance: .1, Instructions: 134COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9503c504e66728fd5ce17ce318955aff20977726276f416d8eb1310739e9985d
                                    • Instruction ID: 0d1e7a7f66f29b51ecff783a23387ae33eacc0b6f06bb817dc395dc957689dcd
                                    • Opcode Fuzzy Hash: 9503c504e66728fd5ce17ce318955aff20977726276f416d8eb1310739e9985d
                                    • Instruction Fuzzy Hash: FF511471D002188FDB18CFA9D884B9DBBB5FF48314F14852AE819AB351D774A845CF95
                                    Function 01666CB0 Relevance: .1, Instructions: 132COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bb1ceb1a36e432f76d43d81da5096111001aac5fe66f3ea9c25e97a92791c822
                                    • Instruction ID: 628ca9612c34d41db0251939c13d53bbe994b64ff5817ea0dd463c85e1825928
                                    • Opcode Fuzzy Hash: bb1ceb1a36e432f76d43d81da5096111001aac5fe66f3ea9c25e97a92791c822
                                    • Instruction Fuzzy Hash: 20510471D002588FDB14CFA9D884B9DBBB5FF48314F14812AE815AB351DB74A844CF95
                                    Function 0166112A Relevance: .1, Instructions: 113COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 282975c5c1275441990536723b0c4fdbc9c4fd8b81bf4cffcdbc7eea08dace54
                                    • Instruction ID: 038ca53573ddd12af3ade92782794f862972ce0f359047976e37259ae9b9912f
                                    • Opcode Fuzzy Hash: 282975c5c1275441990536723b0c4fdbc9c4fd8b81bf4cffcdbc7eea08dace54
                                    • Instruction Fuzzy Hash: B451F9312B128FEFDB16FF18FAA09587F61F795305700997AD1008B22EDAB46945CF90
                                    Function 0166F47D Relevance: .1, Instructions: 113COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c9b5444dfde55075fba2b842f9133c2044a043ed6ba6a70a28650907b4d7345b
                                    • Instruction ID: 3420749e27a518550d9ea78c70ab16b300ebbc1e7a0ceb28f8ac1fbdc7f1bf90
                                    • Opcode Fuzzy Hash: c9b5444dfde55075fba2b842f9133c2044a043ed6ba6a70a28650907b4d7345b
                                    • Instruction Fuzzy Hash: 4931D23070020A8FDB15AF38E96466E7BEBEB89610B2444B9D402DB385DF35CC46CB94
                                    Function 01661138 Relevance: .1, Instructions: 100COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b03392e39604db7678fc9f57d658cffe008fe79b6acc231f45e0fd55ba1d962
                                    • Instruction ID: fd67be31130328e78cefda460c1274668a95717a8f41d988734265621757b19b
                                    • Opcode Fuzzy Hash: 8b03392e39604db7678fc9f57d658cffe008fe79b6acc231f45e0fd55ba1d962
                                    • Instruction Fuzzy Hash: 0641E8312A128BEFDB15FF28FAA09597F61F795305300997AD1008B22EDAB46945CF40
                                    Function 01666B47 Relevance: .1, Instructions: 100COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5dee8d33dc26c4b4fec273cada93a02fa0304897d8ac4bf99f46af5978f55358
                                    • Instruction ID: b354200b3b9e24f9842f7c9ac50af9d92f370eab28a2a1466757a5b1a0069221
                                    • Opcode Fuzzy Hash: 5dee8d33dc26c4b4fec273cada93a02fa0304897d8ac4bf99f46af5978f55358
                                    • Instruction Fuzzy Hash: FA317F726082C59FD3069B38D85569E7FB6EF83110B0401AFD055CB393EB64C84AC792
                                    Function 0166F340 Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b055f2a131848d51505930712fcf0c6711b12a2be19186f83e13d4792e1dd1d
                                    • Instruction ID: 5a5058944d736041aed888d6132e0f638730e1a808f4a0e00b2da56874295ea8
                                    • Opcode Fuzzy Hash: 2b055f2a131848d51505930712fcf0c6711b12a2be19186f83e13d4792e1dd1d
                                    • Instruction Fuzzy Hash: 1C317034E1020A9BDB19CF69D9A469EB7B6FF89300F108559E816E7341DF70AC42CB50
                                    Function 01666F40 Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5a92023d20d5c29047e4f2239166eaaff04d23e94f81ade866c81237ea2e1474
                                    • Instruction ID: 76b6d123b8f353588c34ab8f437c4c312dfb42e816fb4dbedda0d3a8cc40e151
                                    • Opcode Fuzzy Hash: 5a92023d20d5c29047e4f2239166eaaff04d23e94f81ade866c81237ea2e1474
                                    • Instruction Fuzzy Hash: 0C319074E10209DBEB25CFA9D8407AEBBB6FF85314F50842AE406EB341EB71E845CB40
                                    Function 016626A4 Relevance: .1, Instructions: 92COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 73fbf4397bc889ef8568c3ea7253ade98346a12c9074ac2a5db15762d14142e5
                                    • Instruction ID: ef6f15e216d0dc196010e9a51f1a6d541cf11f27bdb32fa34a74d3dd4cc0326a
                                    • Opcode Fuzzy Hash: 73fbf4397bc889ef8568c3ea7253ade98346a12c9074ac2a5db15762d14142e5
                                    • Instruction Fuzzy Hash: A041E0B0D003499FEB10DFA9C894ADEBFF5BF48314F208029E809AB250DB759945CF90
                                    Function 0166505F Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 45670681a77886f09a21902e0d6a3b2503f80d219b004a2600dcfd99a280db2c
                                    • Instruction ID: 5d910a1a6f41a720f3f7316d6260bce46c1a69f5773e8126b924f098acdd1f02
                                    • Opcode Fuzzy Hash: 45670681a77886f09a21902e0d6a3b2503f80d219b004a2600dcfd99a280db2c
                                    • Instruction Fuzzy Hash: 68317C30600219DFEF15EB78CA516ADBBBAAF89244F10046DD802AB354DB36DC41CB95
                                    Function 0166F350 Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 605b05fbfd662397428c7fac0b3aa54d894f44e91496f91961a8a1d08d5e0a97
                                    • Instruction ID: 9501b5892c399bf62c47dbefc6c0e6c0bdfeb78f74e4c9c571d64d711a522ca0
                                    • Opcode Fuzzy Hash: 605b05fbfd662397428c7fac0b3aa54d894f44e91496f91961a8a1d08d5e0a97
                                    • Instruction Fuzzy Hash: A1315C34A1020A9BDB19DF69D9A469EBBB6FF89300F108519E806EB341DB70AC42CB50
                                    Function 016626B0 Relevance: .1, Instructions: 90COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 87c2ee262d8225f218bea38bf00fd122619035cb41f59259bee69ad9415ac377
                                    • Instruction ID: 881b30d9bbbad2e141b3d1b724732114ec02b0f46f95a36e48dab60bb0827679
                                    • Opcode Fuzzy Hash: 87c2ee262d8225f218bea38bf00fd122619035cb41f59259bee69ad9415ac377
                                    • Instruction Fuzzy Hash: 7241DFB0D003499FDB14DFA9C894ADEBFB5BF48310F248429E809AB250DB79A945CB94
                                    Function 01665070 Relevance: .1, Instructions: 89COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8441e73ae084f508217d0d872c6eb0a8f42bff90328f7b3ee6fc59787e88cfc1
                                    • Instruction ID: 2b3d89464e72ece03d59dee7f2b742031ace9bf212860e2292c80a96c066520c
                                    • Opcode Fuzzy Hash: 8441e73ae084f508217d0d872c6eb0a8f42bff90328f7b3ee6fc59787e88cfc1
                                    • Instruction Fuzzy Hash: 00316E30700219CFEF15EB78CA516AD77FAAB89245F10046DD902AB394DF36DC41CB95
                                    Function 01667059 Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 71c85bd64f4d1b4baa706872a385b43ec5d1f28fc108d14de47d461af035b475
                                    • Instruction ID: 4f81453e841b81653503e23f52b4298c0c543390e671f968f9be81418e119de1
                                    • Opcode Fuzzy Hash: 71c85bd64f4d1b4baa706872a385b43ec5d1f28fc108d14de47d461af035b475
                                    • Instruction Fuzzy Hash: 28217E38711259DFDB08EB74D56466E37BBFFC8314B208468E5069B3A9CE359C42CB90
                                    Function 016692D1 Relevance: .1, Instructions: 82COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c2f17074fda0d83c8ac10fd132c2cb253a06ea140e29f0d44de1114269142d8
                                    • Instruction ID: edf1ce83868e3c0f1089f575f3a3e1910869dfbde82e7cc0426693adcfed42b7
                                    • Opcode Fuzzy Hash: 4c2f17074fda0d83c8ac10fd132c2cb253a06ea140e29f0d44de1114269142d8
                                    • Instruction Fuzzy Hash: 7A31BF35E1060A9FDB15CFA8C99069EB7B6FF89304F50C61AE806FB381DB719842CB40
                                    Function 016692E0 Relevance: .1, Instructions: 78COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b3e0ebf979afb04e15e8c00dd53d1749ac9ba06c7622cae8b80ecb476d14c2d0
                                    • Instruction ID: 20a5424db2917088d077fa011a60d9bb98d3f28446a8b7d20d79ee30787b11fb
                                    • Opcode Fuzzy Hash: b3e0ebf979afb04e15e8c00dd53d1749ac9ba06c7622cae8b80ecb476d14c2d0
                                    • Instruction Fuzzy Hash: 46215E31A1060A9FDB15CF69D99069EBBB6FF89304F10D61AE805FB381DB719846CB90
                                    Function 016691D1 Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0906df6733ca5e03c01dc5cc91bb0ce2bd3ebe82649dc8c90af8081ca915ad0d
                                    • Instruction ID: ccc19b448744322ce0705c11df7e65882ad37916cd8ca261fb3524761fe8d0e9
                                    • Opcode Fuzzy Hash: 0906df6733ca5e03c01dc5cc91bb0ce2bd3ebe82649dc8c90af8081ca915ad0d
                                    • Instruction Fuzzy Hash: D4219075E102099FCB19CFA8C85069EB7BAAF89704F10C51AEC16FB340DB70A946CB50
                                    Function 01661667 Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3a22bd5cccc1df9a556c11fa959a0edfcd7a478020fc1ce0d64779141409773
                                    • Instruction ID: 1acec3899b55f231ca7a9bddc30c7204d3926f4435892a01a1c27bb9252d265c
                                    • Opcode Fuzzy Hash: e3a22bd5cccc1df9a556c11fa959a0edfcd7a478020fc1ce0d64779141409773
                                    • Instruction Fuzzy Hash: 4B2195382601079FEB12FB2CED9476D7B6AE786344F148926E006C7357EB38DC468B81
                                    Function 0122D01C Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3320981028.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_122d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e4fc983342430c6b6436b195c6a454edf3fd0ead0e79d103cee1caf6a965143f
                                    • Instruction ID: e23ebfcf994b2620725eb0a5367fb1a2d9c5889e6229db4d0fa5b05d4abf364d
                                    • Opcode Fuzzy Hash: e4fc983342430c6b6436b195c6a454edf3fd0ead0e79d103cee1caf6a965143f
                                    • Instruction Fuzzy Hash: FD213471614248EFDB15DF64D9C0B1ABB61FB84314F20C56DEA0A4B2A2C37FD547CA61
                                    Function 01661840 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 91a7c851b8b22e144cf210d955f7efd907325921461ad784d107f0fa858b6a3a
                                    • Instruction ID: 41c65e8e802fc255389dc12dfd54df6a031b31cd8e09ebf89473d5d4828368a1
                                    • Opcode Fuzzy Hash: 91a7c851b8b22e144cf210d955f7efd907325921461ad784d107f0fa858b6a3a
                                    • Instruction Fuzzy Hash: 94214B30A102498FEB14EB79C9546AD77F6AB8A204F10056DD506EB3A1DB369D41CB91
                                    Function 01661342 Relevance: .1, Instructions: 71COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0d1bd68a7a6ba78639f21bb09903152c25d557e88b87c92354fa4879e7dfb828
                                    • Instruction ID: 1945a10e7c43004de9dd7bc265043da155d8c4b59fcd995bfb7ac6096cadaf43
                                    • Opcode Fuzzy Hash: 0d1bd68a7a6ba78639f21bb09903152c25d557e88b87c92354fa4879e7dfb828
                                    • Instruction Fuzzy Hash: 502106346502459BEB36676CEC593BC3F59E783325F10082AE507D7342DF29C885CB46
                                    Function 01664F51 Relevance: .1, Instructions: 71COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf5231f5cbaa4b8234126d37f594381cd22946e5321435ce745cd2eb56bf066b
                                    • Instruction ID: 28e57502db4a80bfb15bb38e676d02023a801d580e0d05efa956c41ff1bb854d
                                    • Opcode Fuzzy Hash: bf5231f5cbaa4b8234126d37f594381cd22946e5321435ce745cd2eb56bf066b
                                    • Instruction Fuzzy Hash: 9D216B34700209CFDB14DB78DA59AAD7BF6EF48244F1044A9E806EB364EB36DD01CB61
                                    Function 016691E0 Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 30b28a0704f281f70a31087c135d5f97bdb790e1ad768c30b1b7fa5c958d7091
                                    • Instruction ID: b520566974d905feb21c038994ec1e9b0b4b71cb9c2333466ed89de9ea5fbc61
                                    • Opcode Fuzzy Hash: 30b28a0704f281f70a31087c135d5f97bdb790e1ad768c30b1b7fa5c958d7091
                                    • Instruction Fuzzy Hash: 2D217F34E102099FCB19CFA9C8549AEF7BAAF89304F10C61AEC16B7340DB709946CB50
                                    Function 01661850 Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52e30dc81f02391b45eb9c5b87a8c7299ec92c1021682d764597fb00222e49ba
                                    • Instruction ID: 68b1af2e08e8a90f639b6f7e53bca1957822bf4c644f597e93f33764bf0f3399
                                    • Opcode Fuzzy Hash: 52e30dc81f02391b45eb9c5b87a8c7299ec92c1021682d764597fb00222e49ba
                                    • Instruction Fuzzy Hash: ED212C30B00209CFEB14EB69C9147AD77FAAB8A204F10056DD506EB354DB359D41CB91
                                    Function 01661678 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 33b796885d29dd554ad3a71eb67c2133dda306fb7f203e0a50ce062f57f76e4b
                                    • Instruction ID: 1b821d3359a72de979a143834f065031b80b3a0082edd7478754bb525ec6a8a5
                                    • Opcode Fuzzy Hash: 33b796885d29dd554ad3a71eb67c2133dda306fb7f203e0a50ce062f57f76e4b
                                    • Instruction Fuzzy Hash: 9E2184382601078FDB12FB6CED547697B5AE785354F108926D006C7356DB38DC458B91
                                    Function 01664F60 Relevance: .1, Instructions: 68COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 047ae9084841c6a21c4fec26f4c74ff7625302fd758491699bb21c5ed23ebc4e
                                    • Instruction ID: a4ee3770dda0db257a70d904b4156af83d597c12120d3b77b680c9f11e5dda6d
                                    • Opcode Fuzzy Hash: 047ae9084841c6a21c4fec26f4c74ff7625302fd758491699bb21c5ed23ebc4e
                                    • Instruction Fuzzy Hash: 25212C34710109CFDB14EB78DA59AAD77F6EB89240F100469E406EB364DB35DD01CBA1
                                    Function 0122D006 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3320981028.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_122d000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b6c75172741c46acf9c75cb4a6bd09379c500829add3708565c4b2d8aa1a01fe
                                    • Instruction ID: 9ab29a5ee353f8d790767932645bf4606b4ff384ad049c47018dee2433f3bea5
                                    • Opcode Fuzzy Hash: b6c75172741c46acf9c75cb4a6bd09379c500829add3708565c4b2d8aa1a01fe
                                    • Instruction Fuzzy Hash: B72180755083849FCB02CF64D994715BF71EB46314F28C5DAD9498F2A7C33A981ACB62
                                    Function 01660848 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 521d06d1e1a4e3ea789456e4e97d3fbec36aba048b01f4f08e567ce5ccd8ad6a
                                    • Instruction ID: f917d05afff559aa4224f24bb12e11715fe300f53a21e4b08f0ef689c8f5b7b8
                                    • Opcode Fuzzy Hash: 521d06d1e1a4e3ea789456e4e97d3fbec36aba048b01f4f08e567ce5ccd8ad6a
                                    • Instruction Fuzzy Hash: 94118230B102098BEF25EB7DDD147293659EB46214F224A3EF106CB346DB21DC858BC1
                                    Function 01660838 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0676e688f405fc0fcc2622f629a0e40632bcbce607c94553f0550daee0ad14f2
                                    • Instruction ID: 821b4dc4ee2a00b51e145cd7a1afb605d9af6b280f36843061cb1283646ec3b1
                                    • Opcode Fuzzy Hash: 0676e688f405fc0fcc2622f629a0e40632bcbce607c94553f0550daee0ad14f2
                                    • Instruction Fuzzy Hash: F411C630A102099BEF26E779DD10779365DE782214F228A3EF502CB343EB25CC858BC1
                                    Function 016607F9 Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: de64820a9059684864051240aa17da3a81c0bb74ac542682b242519332850323
                                    • Instruction ID: 3a67e89034ee505f28baab11dae5004310a0521e8b4cd91336fe5280326eb3a3
                                    • Opcode Fuzzy Hash: de64820a9059684864051240aa17da3a81c0bb74ac542682b242519332850323
                                    • Instruction Fuzzy Hash: 6211AB71A1021A8BEF12FB6DDD1036D3659EB81214F12497FE141CF383E624CC8A8BC1
                                    Function 0166178A Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4bf5eed1eb253f6fada3832eaa9195470c6eece951df07f6d7ef61a49085b2d4
                                    • Instruction ID: db1ba38097e368050b9c1c1f34023e43e12b5a47143c1fa8aa8e22157387eb5f
                                    • Opcode Fuzzy Hash: 4bf5eed1eb253f6fada3832eaa9195470c6eece951df07f6d7ef61a49085b2d4
                                    • Instruction Fuzzy Hash: F011E576F512159BCF11AB789D452AE7EFAFB88660B100535E905D3340EF34C8028BD0
                                    Function 01661452 Relevance: .1, Instructions: 57COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 91f600c5381f434a41daf436d3604533afd755d059fcf46e0b216a749951f76d
                                    • Instruction ID: 880b26fbcb09476fe4dd3004366e7fbf418fa40e61b9fe6afbcbcc0df6527e85
                                    • Opcode Fuzzy Hash: 91f600c5381f434a41daf436d3604533afd755d059fcf46e0b216a749951f76d
                                    • Instruction Fuzzy Hash: 60117C31E022559FCF21EFBC8C802AD7BF9EB89261B14007AD805E7301E736E941CB95
                                    Function 01661460 Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 23319099dd7885f3364527f26e0819a9b78a5ba73c60a47ad9befc2406f52bed
                                    • Instruction ID: 718a9e3b1fc84905e54d2bbad91b53034e8db378b9c44f56c568bb6cc0b7b462
                                    • Opcode Fuzzy Hash: 23319099dd7885f3364527f26e0819a9b78a5ba73c60a47ad9befc2406f52bed
                                    • Instruction Fuzzy Hash: 0D014031E022559FCF25EFBD88505AD7BFDEB89250B14047AD805E7301EB36D941CB95
                                    Function 01669910 Relevance: .1, Instructions: 53COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eaf8b777a2cd551a525f844b51b0c251e6fabec175646185a523eb0a15019901
                                    • Instruction ID: 48e468e5c6301d4c54d0754600a8c13fddf11d2cad7d5c4a419257122bcee72e
                                    • Opcode Fuzzy Hash: eaf8b777a2cd551a525f844b51b0c251e6fabec175646185a523eb0a15019901
                                    • Instruction Fuzzy Hash: 4811C431A1010A8FDB14DE69DD8479ABBB6FF90310F648224C9095B389D774E946C7A0
                                    Function 016640C7 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e2f4285478b5acf0604bb6d8312e1eb1b1585cb15742e0f77de23e16722a2f6e
                                    • Instruction ID: 8d0635239db1c840097d8b81db00640207895ec50ce68d23df7bb5a3e974c199
                                    • Opcode Fuzzy Hash: e2f4285478b5acf0604bb6d8312e1eb1b1585cb15742e0f77de23e16722a2f6e
                                    • Instruction Fuzzy Hash: 83111730E0124EDEDF25EB98DD987ECBB7AAF6521AF14103AD011B2691DF7408C5CB15
                                    Function 0166099B Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9622011d4e0a8fb3cb257217d7b1668c583b2b23de7003cecf441ef660e10268
                                    • Instruction ID: 411f66d75a801eae79b5254bc1aca5f80c3bd08657364336d7b1ac12d3decb7b
                                    • Opcode Fuzzy Hash: 9622011d4e0a8fb3cb257217d7b1668c583b2b23de7003cecf441ef660e10268
                                    • Instruction Fuzzy Hash: CFF0591290C799DAFF33B6744C1422C7A4ECB81264B5427BEE3D89F25BD2018D0983D1
                                    Function 016614EC Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5bd4204ae55ff160249da5566914454edcaab8b90d3f38052e1de7a8c0347930
                                    • Instruction ID: e4c47ef8089ca5b075b0868d2a8a80bd4f14b5fe0ce5633d4c0fba41ffae242d
                                    • Opcode Fuzzy Hash: 5bd4204ae55ff160249da5566914454edcaab8b90d3f38052e1de7a8c0347930
                                    • Instruction Fuzzy Hash: BBF0F633E061508BDB218BAC8C901ACBFB9EAE616171800EBD805DB711D335E942C751
                                    Function 01668171 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b96c6e6d26b1375bedf7969f97492eed772f81c7bc7e73491aa0ba920b74f4ff
                                    • Instruction ID: ef3464038cd65c54f8644334095bf7553ba4b41203b4a4b9401cea8d85d6a5c0
                                    • Opcode Fuzzy Hash: b96c6e6d26b1375bedf7969f97492eed772f81c7bc7e73491aa0ba920b74f4ff
                                    • Instruction Fuzzy Hash: 9201F23051018F8FCB06EBA4EA509CD7BB1EB41300F1046EDC0004F29BEE356A46D781
                                    Function 01668180 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3321938879.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1660000_Shipping Documents_pdf.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 09caddb408d2233e10e9edf0b10b2595e7bf2f5230502606dda7694fb4e442d3
                                    • Instruction ID: 2a0be93efe24c901ed80f65067d64b46e695a486ada586a18d11e50bd4e058ef
                                    • Opcode Fuzzy Hash: 09caddb408d2233e10e9edf0b10b2595e7bf2f5230502606dda7694fb4e442d3
                                    • Instruction Fuzzy Hash: E1F0313091010FDFDB05FFA4EA5059DBBB1EB40300F5086A9C1049B259EE346E4A9B81