Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Shipping Docs Waybill No 2009 xxxx 351.exe

Overview

General Information

Sample name:Shipping Docs Waybill No 2009 xxxx 351.exe
Analysis ID:1589830
MD5:354725d3df06a1f01c0fe40b5613f21f
SHA1:28a300ab00a8e2d8b218adc084a2b946309d4fb7
SHA256:635e20a681b1d8e8a4318e345cff50dc04cbd032a7414640137cbf5fa1c09a84
Tags:exeuser-koluke
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Drops executable to a common third party application directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Shipping Docs Waybill No 2009 xxxx 351.exe (PID: 6240 cmdline: "C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe" MD5: 354725D3DF06A1F01C0FE40B5613F21F)
    • InstallUtil.exe (PID: 3884 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • adobe.exe (PID: 6828 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • adobe.exe (PID: 4492 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 1488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://s4.serv00.com", "Username": "f2241_evica", "Password": "Doll650@@"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000000.00000002.2338931748.0000000005050000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 14 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.39c55e8.2.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x32156:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x321c8:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x32252:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x322e4:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x3234e:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x323c0:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x32456:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x324e6:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpackMALWARE_Win_AgentTeslaV2AgenetTesla Type 2 Keylogger payloadditekSHen
                    • 0x2f439:$s2: GetPrivateProfileString
                    • 0x2eb44:$s3: get_OSFullName
                    • 0x3016e:$s5: remove_Key
                    • 0x30313:$s5: remove_Key
                    • 0x31272:$s6: FtpWebRequest
                    • 0x32138:$s7: logins
                    • 0x326aa:$s7: logins
                    • 0x353bb:$s7: logins
                    • 0x3546d:$s7: logins
                    • 0x36dbe:$s7: logins
                    • 0x36007:$s9: 1.85 (Hash, version 2, native byte-order)
                    Click to see the 12 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\adobe\adobe.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 3884, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-01-13T08:17:36.066091+010020299271A Network Trojan was detected192.168.2.649797213.189.52.18121TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-01-13T08:17:36.634276+010028555421A Network Trojan was detected192.168.2.649808213.189.52.18165180TCP
                    2025-01-13T08:17:36.639600+010028555421A Network Trojan was detected192.168.2.649808213.189.52.18165180TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeAvira: detected
                    Antivirus detection for URL or domain
                    Source: http://s4.serv00.comAvira URL Cloud: Label: malware
                    Found malware configuration
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://s4.serv00.com", "Username": "f2241_evica", "Password": "Doll650@@"}
                    Multi AV Scanner detection for submitted file
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeVirustotal: Detection: 45%Perma Link
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeReversingLabs: Detection: 42%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeJoe Sandbox ML: detected
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49786 version: TLS 1.2
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339673768.0000000005220000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339673768.0000000005220000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: adobe.exe, 00000005.00000000.2455879904.0000000000262000.00000002.00000001.01000000.00000007.sdmp, adobe.exe.4.dr
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: InstallUtil.pdb source: adobe.exe, 00000005.00000000.2455879904.0000000000262000.00000002.00000001.01000000.00000007.sdmp, adobe.exe.4.dr
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_04D005FC
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_04D00608
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C959h0_2_0513C8F8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C531h0_2_0513C198
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C531h0_2_0513C1A8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C959h0_2_0513C888
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C959h0_2_0513C8E9
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 0513C959h0_2_0513CAEC
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 051721D8h0_2_05172118
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 051721D8h0_2_05172120
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 05184313h0_2_0518409D
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 05184313h0_2_05183F90
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 4x nop then jmp 05184313h0_2_05183FB8

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.6:49808 -> 213.189.52.181:65180
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.6:49797 -> 213.189.52.181:21
                    Source: global trafficTCP traffic: 192.168.2.6:49808 -> 213.189.52.181:65180
                    Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                    Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                    Source: Joe Sandbox ViewIP Address: 213.189.52.181 213.189.52.181
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownFTP traffic detected: 213.189.52.181:21 -> 192.168.2.6:49797 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21.220-This is a private system - No anonymous login220 You will be disconnected after 15 minutes of inactivity.
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                    Source: global trafficDNS traffic detected: DNS query: s4.serv00.com
                    Source: InstallUtil.exe, 00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s4.serv00.com
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49786 version: TLS 1.2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05177850 NtResumeThread,0_2_05177850
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05173A90 NtProtectVirtualMemory,0_2_05173A90
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05177940 NtResumeThread,0_2_05177940
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0517784B NtResumeThread,0_2_0517784B
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05173A8B NtProtectVirtualMemory,0_2_05173A8B
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D0F5F00_2_04D0F5F0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D077B80_2_04D077B8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D0911B0_2_04D0911B
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D052200_2_04D05220
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D0F3180_2_04D0F318
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D0D5F80_2_04D0D5F8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D077A80_2_04D077A8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D01A800_2_04D01A80
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D01A710_2_04D01A71
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D052100_2_04D05210
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04D228480_2_04D22848
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F7D5800_2_04F7D580
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F76CB80_2_04F76CB8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F76CA80_2_04F76CA8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F708380_2_04F70838
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F708280_2_04F70828
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F7DFB80_2_04F7DFB8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F773800_2_04F77380
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_04F7736F0_2_04F7736F
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0504C6F00_2_0504C6F0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_050419980_2_05041998
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_050432E00_2_050432E0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0504152A0_2_0504152A
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_050415380_2_05041538
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0504ABC00_2_0504ABC0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_050432D00_2_050432D0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05138E380_2_05138E38
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0513E3E80_2_0513E3E8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051575A80_2_051575A8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0515DCB00_2_0515DCB0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05151F2A0_2_05151F2A
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05159BD80_2_05159BD8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0515759B0_2_0515759B
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051500060_2_05150006
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051500400_2_05150040
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0515F2A80_2_0515F2A8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0515DFD70_2_0515DFD7
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0515A9400_2_0515A940
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05159BC80_2_05159BC8
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051701B00_2_051701B0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0517573F0_2_0517573F
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051701580_2_05170158
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051701A30_2_051701A3
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051815F00_2_051815F0
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051815E10_2_051815E1
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0532E5380_2_0532E538
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_053100070_2_05310007
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_053100400_2_05310040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011CE3204_2_011CE320
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011CB3A24_2_011CB3A2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C4A904_2_011C4A90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C3E784_2_011C3E78
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011CEEB04_2_011CEEB0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C41C04_2_011C41C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068335C84_2_068335C8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068328984_2_06832898
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068328A84_2_068328A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068966384_2_06896638
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068934A84_2_068934A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_06897DC84_2_06897DC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0689C5D84_2_0689C5D8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068955E84_2_068955E8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_06895D1B4_2_06895D1B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0689B2694_2_0689B269
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068976E84_2_068976E8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0689E8004_2_0689E800
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068900074_2_06890007
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_068900404_2_06890040
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B3A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B8A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2337660756.0000000004D50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDeaksbwsbek.dll" vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2320983186.00000000008DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed9e9e37e-59b8-4cab-97db-2b15f3b5cf75.exe4 vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.0000000002B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed9e9e37e-59b8-4cab-97db-2b15f3b5cf75.exe4 vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339673768.0000000005220000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000000.2125752738.0000000000360000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVglmtzbyai.exe6 vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeBinary or memory string: OriginalFilenameVglmtzbyai.exe6 vs Shipping Docs Waybill No 2009 xxxx 351.exe
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/4@2/2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\adobe\adobe.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_03
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeVirustotal: Detection: 45%
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeReversingLabs: Detection: 42%
                    Source: unknownProcess created: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe "C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe"
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic file information: File size 1166336 > 1048576
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x11c200
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339673768.0000000005220000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339673768.0000000005220000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: adobe.exe, 00000005.00000000.2455879904.0000000000262000.00000002.00000001.01000000.00000007.sdmp, adobe.exe.4.dr
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: InstallUtil.pdb source: adobe.exe, 00000005.00000000.2455879904.0000000000262000.00000002.00000001.01000000.00000007.sdmp, adobe.exe.4.dr

                    Data Obfuscation

                    barindex
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.39c55e8.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.5050000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.5050000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.39c55e8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.38fc7f8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2338931748.0000000005050000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Docs Waybill No 2009 xxxx 351.exe PID: 6240, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_0504B008 push eax; retf 0_2_0504B00A
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05171DB7 push eax; retf 0_2_05171DC1
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051773EB push eax; ret 0_2_051773F1
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_051773E8 pushad ; ret 0_2_051773E9
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeCode function: 0_2_05313DB4 push esi; ret 0_2_05313DBA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011CE320 push eax; ret 4_2_011CE9F5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011CEAAC push eax; ret 4_2_011CE9F5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C0C54 push ebx; retf 4_2_011C0C52
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C0C45 push ebx; retf 4_2_011C0C52
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_011C0CCC push edi; retf 4_2_011C0C7A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_06837ACB push es; ret 4_2_06837AD0
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exeStatic PE information: section name: .text entropy: 7.970709490276797

                    Persistence and Installation Behavior

                    barindex
                    Drops executable to a common third party application directory
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile written: C:\Users\user\AppData\Roaming\Adobe\adobe.exeJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeFile created: \shipping docs waybill no 2009 xxxx 351.exe
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeFile created: \shipping docs waybill no 2009 xxxx 351.exeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Adobe\adobe.exeJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run adobeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run adobeJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\adobe\adobe.exe:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Shipping Docs Waybill No 2009 xxxx 351.exe PID: 6240, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory allocated: CD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory allocated: 26A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory allocated: 46A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 11C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2E20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4E20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: 900000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: 26A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: 24F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: CC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: 2800000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMemory allocated: CC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598343Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598234Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598125Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598015Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597787Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597343Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597234Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597121Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597015Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596358Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596016Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595797Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595686Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595577Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595357Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595031Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594811Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594702Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594393Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1634Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 8214Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5608Thread sleep count: 1634 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5608Thread sleep count: 8214 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599547s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599328s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599218s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599109s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -599000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598890s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598781s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598672s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598562s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598453s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598343s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598234s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598125s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -598015s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597906s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597787s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597672s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597562s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597453s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597343s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597234s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597121s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -597015s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596906s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596796s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596687s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596578s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596468s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596358s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596249s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -596016s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595906s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595797s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595686s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595577s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595468s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595357s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595249s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -595031s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -594921s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -594811s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -594702s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -594393s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5648Thread sleep time: -594140s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 4868Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 7032Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598343Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598234Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598125Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598015Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597787Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597343Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597234Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597121Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597015Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596358Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596016Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595906Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595797Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595686Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595577Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595357Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595031Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594811Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594702Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594393Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                    Source: Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                    Source: InstallUtil.exe, 00000004.00000002.4590647038.0000000006032000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: DCD008Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeQueries volume information: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\adobe.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\adobe.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4585427601.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Docs Waybill No 2009 xxxx 351.exe PID: 6240, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3884, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4585427601.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Docs Waybill No 2009 xxxx 351.exe PID: 6240, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3884, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Shipping Docs Waybill No 2009 xxxx 351.exe.37c6228.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4585427601.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Shipping Docs Waybill No 2009 xxxx 351.exe PID: 6240, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3884, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		1
                    Exfiltration Over Alternative Protocol                    		Abuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    Registry Run Keys / Startup Folder                    		211
                    Process Injection                    		3
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		24
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Registry Run Keys / Startup Folder                    		2
                    Software Packing                    		Security Account Manager211
                    Security Software Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    DLL Side-Loading                    		NTDS1
                    Process Discovery                    		Distributed Component Object Model1
                    Clipboard Data                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                    Masquerading                    		LSA Secrets141
                    Virtualization/Sandbox Evasion                    		SSHKeylogging23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts141
                    Virtualization/Sandbox Evasion                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
                    Process Injection                    		DCSync1
                    System Network Configuration Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Hidden Files and Directories                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589830 Sample: Shipping Docs Waybill No 20... Startdate: 13/01/2025 Architecture: WINDOWS Score: 100 25 s4.serv00.com 2->25 27 api.ipify.org 2->27 41 Suricata IDS alerts for network traffic 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 9 other signatures 2->47 7 Shipping Docs Waybill No 2009 xxxx 351.exe 2 2->7         started        10 adobe.exe 4 2->10         started        12 adobe.exe 3 2->12         started        signatures3 process4 signatures5 49 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->49 51 Writes to foreign memory regions 7->51 53 Injects a PE file into a foreign processes 7->53 14 InstallUtil.exe 16 3 7->14         started        19 conhost.exe 10->19         started        21 conhost.exe 12->21         started        process6 dnsIp7 29 s4.serv00.com 213.189.52.181, 21, 49797, 49808 ECO-ATMAN-PLECO-ATMAN-PL Poland 14->29 31 api.ipify.org 104.26.13.205, 443, 49786 CLOUDFLARENETUS United States 14->31 23 C:\Users\user\AppData\Roaming\...\adobe.exe, PE32 14->23 dropped 33 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 14->33 35 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 14->35 37 Tries to steal Mail credentials (via file / registry access) 14->37 39 4 other signatures 14->39 file8 signatures9

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Shipping Docs Waybill No 2009 xxxx 351.exe46%VirustotalBrowse
                    Shipping Docs Waybill No 2009 xxxx 351.exe42%ReversingLabsWin32.Virus.Virut
                    Shipping Docs Waybill No 2009 xxxx 351.exe100%AviraTR/Dropper.Gen
                    Shipping Docs Waybill No 2009 xxxx 351.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\Adobe\adobe.exe0%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://s4.serv00.com100%Avira URL Cloudmalware

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ipify.org
                    		104.26.13.205
                    		truefalse
                      		high
                      s4.serv00.com
                      		213.189.52.181
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://api.ipify.org/false
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://github.com/mgravell/protobuf-netShipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://api.ipify.orgShipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/mgravell/protobuf-netiShipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/14436606/23354Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://account.dyn.com/Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    https://github.com/mgravell/protobuf-netJShipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://api.ipify.org/tInstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameShipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4585427601.0000000002E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://stackoverflow.com/q/11564914/23354;Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://stackoverflow.com/q/2152978/23354Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2339113136.00000000050C0000.00000004.08000000.00040000.00000000.sdmp, Shipping Docs Waybill No 2009 xxxx 351.exe, 00000000.00000002.2335863356.0000000003A7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://s4.serv00.comInstallUtil.exe, 00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              104.26.13.205
                                              		api.ipify.orgUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              213.189.52.181
                                              		s4.serv00.comPoland
                                              		57367ECO-ATMAN-PLECO-ATMAN-PLfalse

                                              General Information

                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1589830
                                              Start date and time:2025-01-13 08:16:21 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 8m 35s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:12
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:Shipping Docs Waybill No 2009 xxxx 351.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@7/4@2/2
                                              EGA Information:
                                              • Successful, ratio: 50%
                                              HCA Information:
                                              • Successful, ratio: 97%
                                              • Number of executed functions: 456
                                              • Number of non-executed functions: 32
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
                                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                              • Execution Graph export aborted for target adobe.exe, PID 4492 because it is empty
                                              • Execution Graph export aborted for target adobe.exe, PID 6828 because it is empty
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              02:17:33API Interceptor10464442x Sleep call for process: InstallUtil.exe modified
                                              08:17:37AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run adobe C:\Users\user\AppData\Roaming\adobe\adobe.exe
                                              08:17:45AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run adobe C:\Users\user\AppData\Roaming\adobe\adobe.exe

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              104.26.13.205Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                                              • api.ipify.org/
                                              lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                                              • api.ipify.org/
                                              Simple1.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                              • api.ipify.org/
                                              file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                              • api.ipify.org/
                                              file.exeGet hashmaliciousRDPWrap ToolBrowse
                                              • api.ipify.org/
                                              Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                              • api.ipify.org/
                                              213.189.52.181ukBQ4ch2nE.exeGet hashmaliciousAgentTeslaBrowse
                                                Statement of Account - USD 16,720.00.exeGet hashmaliciousAgentTeslaBrowse
                                                  HBL BLJ2T2411809005 & DAJKT2411000812.exeGet hashmaliciousAgentTeslaBrowse
                                                    Statement JULY #U007e SEP 2024 USD 19,055.00.exeGet hashmaliciousAgentTeslaBrowse
                                                      Arrival Notice - BL 713410220035.PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                        BL NBNSA240600050.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                          DC74433Y7889021.xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                            PRE ALERT Docs_PONBOM01577.xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                              Ship Docs YINGHAI-MANE PO 240786.xlsx.exeGet hashmaliciousAgentTeslaBrowse

                                                                Domains

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                s4.serv00.comukBQ4ch2nE.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Statement of Account - USD 16,720.00.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                HBL BLJ2T2411809005 & DAJKT2411000812.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Statement JULY #U007e SEP 2024 USD 19,055.00.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Arrival Notice - BL 713410220035.PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                BL NBNSA240600050.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • 213.189.52.181
                                                                DC74433Y7889021.xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                • 213.189.52.181
                                                                PRE ALERT Docs_PONBOM01577.xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Ship Docs YINGHAI-MANE PO 240786.xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                api.ipify.orgrCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.26.12.205
                                                                http://clumsy-sulky-helium.glitch.me/Get hashmaliciousUnknownBrowse
                                                                • 104.26.12.205
                                                                gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                • 104.26.13.205
                                                                gem2.exeGet hashmaliciousUnknownBrowse
                                                                • 104.26.12.205
                                                                gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                • 104.26.12.205
                                                                https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                • 172.67.74.152
                                                                https://support-confirm-help.click/Get hashmaliciousUnknownBrowse
                                                                • 172.67.74.152
                                                                zmpZMfK1b4.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                • 172.67.74.152
                                                                kAsh3nmsgs.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • 104.26.13.205
                                                                dhPWt112uC.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.26.13.205

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                CLOUDFLARENETUStrow.exeGet hashmaliciousUnknownBrowse
                                                                • 188.114.96.3
                                                                https://encryption-deme-group.lomiraxen.ru/PdoodjcL/#Mvercauteren.william@deme-group.comGet hashmaliciousUnknownBrowse
                                                                • 104.17.25.14
                                                                https://link.mail.beehiiv.com/ss/c/u001.dSnm3kaGd0BkNqLYPjeMfxWXllAYaBQ5sAn4OVD0j89GQGPZtwQlLugE_8c0wQMKfkpy5_wJ66BvE1Ognfzf5MlQMAeZ1qYs5mgwUBu3TAc6279Q43ISHz-HkVRC08yeDA4QvKWsqLTI1us9a0eXx18qeAibsZhjMMPvES-iG2zoVABKcwKIVWyx95VTVcFMSh6AEN3OCUfP_rXFvjKRbIPMuhn_dqYr8yUBKJvhhlJR9FhTpZPAULxzMbsYWp8k/4cu/JfECY1HwRl-ipvrNOktVcw/h23/h001.ibQl2N4tDD79TTzErix_sFWEGLTTuM6dTVMrTg3y5DkGet hashmaliciousUnknownBrowse
                                                                • 172.67.40.50
                                                                g3.elfGet hashmaliciousUnknownBrowse
                                                                • 1.1.1.1
                                                                g5.elfGet hashmaliciousUnknownBrowse
                                                                • 1.1.1.1
                                                                rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.26.12.205
                                                                https://app-nadexlxogi.webflow.io/Get hashmaliciousUnknownBrowse
                                                                • 172.64.151.8
                                                                https://postaboutx.com/Get hashmaliciousUnknownBrowse
                                                                • 172.67.134.64
                                                                https://informed.deliveryerz.top/us/Get hashmaliciousUnknownBrowse
                                                                • 104.16.40.28
                                                                https://informed.deliveryelc.top/us/Get hashmaliciousHTMLPhisherBrowse
                                                                • 104.21.38.157
                                                                ECO-ATMAN-PLECO-ATMAN-PLhttps://premium-subscription.app/planGet hashmaliciousUnknownBrowse
                                                                • 128.204.223.98
                                                                ukBQ4ch2nE.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Statement of Account - USD 16,720.00.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                eu6OEBpBCI.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                • 91.227.41.9
                                                                HBL BLJ2T2411809005 & DAJKT2411000812.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                Amalgamers.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 185.36.171.17
                                                                Statement JULY #U007e SEP 2024 USD 19,055.00.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 213.189.52.181
                                                                9zldYT23H2.elfGet hashmaliciousMirai, GafgytBrowse
                                                                • 31.186.82.2
                                                                RicevutaPagamento_115538206.datGet hashmaliciousUnknownBrowse
                                                                • 128.204.223.111
                                                                http://bdvenlineabanven.serv00.net/Get hashmaliciousUnknownBrowse
                                                                • 85.194.246.69

                                                                JA3 Fingerprints

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                3b5074b1b5d032e5620f69f9f700ff0ewuknbFMdeq.exeGet hashmaliciousFunkLockerBrowse
                                                                • 104.26.13.205
                                                                rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.26.13.205
                                                                https://www.flndmy.er-xu.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://www.maps-s.xz-sr.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://www.support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://www.location.as-nt.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://findmy.cl-ew.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://www.maps.cx-vr.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205
                                                                https://flndmy.ef-uc.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                • 104.26.13.205

                                                                Dropped Files

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                C:\Users\user\AppData\Roaming\Adobe\adobe.exeOrder88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                  Factura modificada____678979879.exeGet hashmaliciousDarkCloudBrowse
                                                                    Lista de cotizaciones.exeGet hashmaliciousDarkCloudBrowse
                                                                      ORDER REF_47806798 .exeGet hashmaliciousXWormBrowse
                                                                        chiara.exeGet hashmaliciousCryptOne, DarkTortilla, Mofksys, XWormBrowse
                                                                          Bank Details.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                            Signed Document..exeGet hashmaliciousRemcos, DarkTortilla, PureLog StealerBrowse
                                                                              PO CONTRACT.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                image.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                  ABA NEW ORDER No.2400228341.pdf.exeGet hashmaliciousAsyncRATBrowse

                                                                                    Created / dropped Files

                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\adobe.exe.log

                                                                                    Download File
                                                                                    Process:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                                                    File Type:CSV text
                                                                                    Category:modified
                                                                                    Size (bytes):1089
                                                                                    Entropy (8bit):5.3331074454898735
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:ML9E4KlKNE4oK2nMK/KDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlIHoVnM6YHKh3oPtHo6hAHKzeR
                                                                                    MD5:E54FE55F93C5501D5C4737CCF0E6E48B
                                                                                    SHA1:BEF9C1A7166E3E8C2C7762C42F8FCBB753B63283
                                                                                    SHA-256:2434AE4C4C8436A64A4F3317638DF77C38CB7FFC226037ADE1DC6F6CD4745619
                                                                                    SHA-512:5422F02595B12ACFE23AF8C69ACF43B5529C700FC3FA5ADEDDBDFF36737C22D7AE23FCD4A39869DF6D02D7D708F951142983E60ED90EADFDCE5CC40B164AD19D
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\48ee4ec9441351bbe4d9095c96b8ea01\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\Nati

                                                                                    C:\Users\user\AppData\Roaming\Adobe\adobe.exe

                                                                                    Download File
                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:modified
                                                                                    Size (bytes):42064
                                                                                    Entropy (8bit):6.19564898727408
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:qtpFVLK0MsihB9VKS7xdgl6KJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+RPZTg:GBMs2SqdSZ6Iq8BxTfqWR8h7ukP
                                                                                    MD5:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                    SHA1:F0209900FBF08D004B886A0B3BA33EA2B0BF9DA8
                                                                                    SHA-256:AC1A3F21FCC88F9CEE7BF51581EAFBA24CC76C924F0821DEB2AFDF1080DDF3D3
                                                                                    SHA-512:9AC94880684933BA3407CDC135ABC3047543436567AF14CD9269C4ADC5A6535DB7B867D6DE0D6238A21B94E69F9890DBB5739155871A624520623A7E56872159
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: Order88983273293729387293828PDF.exe, Detection: malicious, Browse
                                                                                    • Filename: Factura modificada____678979879.exe, Detection: malicious, Browse
                                                                                    • Filename: Lista de cotizaciones.exe, Detection: malicious, Browse
                                                                                    • Filename: ORDER REF_47806798 .exe, Detection: malicious, Browse
                                                                                    • Filename: chiara.exe, Detection: malicious, Browse
                                                                                    • Filename: Bank Details.exe, Detection: malicious, Browse
                                                                                    • Filename: Signed Document..exe, Detection: malicious, Browse
                                                                                    • Filename: PO CONTRACT.exe, Detection: malicious, Browse
                                                                                    • Filename: image.exe, Detection: malicious, Browse
                                                                                    • Filename: ABA NEW ORDER No.2400228341.pdf.exe, Detection: malicious, Browse
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,>.]..............0..T...........r... ........@.. ....................................`.................................4r..O....................b..PB...........p............................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............`..............@..B................hr......H........"..|J..........lm.......o......................................2~.....o....*.r...p(....*VrK..p(....s.........*..0..........(....(....o....o....(....o.... .....T(....o....(....o....o ...o!....4(....o....(....o....o ...o".....(....rm..ps#...o....($........(%....o&....ry..p......%.r...p.%.(.....(....('....((.......o)...('........*.*................"..(*...*..{Q...-...}Q.....(+...(....(,....(+...*"..(-...*..(....*..(.....r...p.(/...o0...s....}T...*....0.. .......~S...-.s

                                                                                    \Device\ConDrv

                                                                                    Download File
                                                                                    Process:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):2017
                                                                                    Entropy (8bit):4.659840607039457
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:zK4QsD4ql0+1AcJRy0EJP64gFljVlWo3ggxUnQK2qmBvgw1+5:zKgDEcTytNe3Wo3uQVBIe+5
                                                                                    MD5:3BF802DEB390033F9A89736CBA5BFAFF
                                                                                    SHA1:25A7177A92E0283B99C85538C4754A12AC8AD197
                                                                                    SHA-256:5202EB464D6118AC60F72E89FBAAACF1FB8CF6A232F98F47F88D0E7B2F3AFDB3
                                                                                    SHA-512:EB4F440D28ECD5834FD347F43D4828CA9FEE900FF003764DD1D18B95E0B84E414EAECF70D75236A1463366A189BC5CBA21613F79B5707BF7BDB3CEA312CCE4F7
                                                                                    Malicious:false
                                                                                    Preview:Microsoft (R) .NET Framework Installation utility Version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Usage: InstallUtil [/u | /uninstall] [option [...]] assembly [[option [...]] assembly] [...]]....InstallUtil executes the installers in each given assembly...If the /u or /uninstall switch is specified, it uninstalls..the assemblies, otherwise it installs them. Unlike other..options, /u applies to all assemblies, regardless of where it..appears on the command line.....Installation is done in a transactioned way: If one of the..assemblies fails to install, the installations of all other..assemblies are rolled back. Uninstall is not transactioned.....Options take the form /switch=[value]. Any option that occurs..before the name of an assembly will apply to that assembly's..installation. Options are cumulative but overridable - options..specified for one assembly will apply to the next as well unless..the option is specified with a new value. The default for

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):7.967455101637419
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    File name:Shipping Docs Waybill No 2009 xxxx 351.exe
                                                                                    File size:1'166'336 bytes
                                                                                    MD5:354725d3df06a1f01c0fe40b5613f21f
                                                                                    SHA1:28a300ab00a8e2d8b218adc084a2b946309d4fb7
                                                                                    SHA256:635e20a681b1d8e8a4318e345cff50dc04cbd032a7414640137cbf5fa1c09a84
                                                                                    SHA512:9c8b7807ce0531a688c26426b90352a6d21f9cfe7df480d484bea46d451ba5e6f6a56570a86a6be6673a6e38013ddb46bfbdfa9115c216c7807c6fec5218b78e
                                                                                    SSDEEP:24576:yr/LaBQDJDFlGOhvP7iUOpqYqjpYlA7dfUWTpSuaWV0cMc92:yvvDrGkvP7iUw98p57dflbaWOcMC2
                                                                                    TLSH:C245230AFB4D9AF2D185BB39C9A78C060370FB869513E98E348F065E5E0377E4D5429B
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*1.g................................. ........@.. .......................@............`................................

                                                                                    File Icon

                                                                                    Icon Hash:00928e8e8686b000

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x51e10e
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x6784312A [Sun Jan 12 21:16:26 2025 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x11e0c00x4b.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1200000x5b8.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1220000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x11c1140x11c20084b86329431e1326b9115637968d1c3aFalse0.9701059310382754data7.970709490276797IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0x1200000x5b80x600b0229303330d8757ed13da3358506ceeFalse0.419921875data4.094465691842465IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0x1220000xc0x20000b6333d21438afda920dc11186f5de5False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                    RT_VERSION0x1200a00x32cdata0.4248768472906404
                                                                                    RT_MANIFEST0x1203cc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Suricata IDS Alerts

                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                    2025-01-13T08:17:36.066091+01002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.649797213.189.52.18121TCP
                                                                                    2025-01-13T08:17:36.634276+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.649808213.189.52.18165180TCP
                                                                                    2025-01-13T08:17:36.639600+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.649808213.189.52.18165180TCP

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 13, 2025 08:17:32.917012930 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:32.917088032 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:32.917473078 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:32.925250053 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:32.925278902 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.401822090 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.401964903 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:33.406141996 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:33.406171083 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.406640053 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.457142115 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:33.460027933 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:33.507325888 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.566023111 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.566174984 CET44349786104.26.13.205192.168.2.6
                                                                                    Jan 13, 2025 08:17:33.566555023 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:33.575964928 CET49786443192.168.2.6104.26.13.205
                                                                                    Jan 13, 2025 08:17:34.121335030 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:34.126229048 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:34.126416922 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:34.730808020 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:34.731091976 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:34.736732006 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:34.926415920 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:34.939913988 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:34.944802999 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.241342068 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.241513968 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:35.246371984 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.448038101 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.448326111 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:35.453152895 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.643153906 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.643317938 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:35.648225069 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.846856117 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:35.847014904 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:35.851886034 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.060436010 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.061023951 CET4980865180192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.065872908 CET6518049808213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.066009998 CET4980865180192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.066091061 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.070879936 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.634001970 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.634275913 CET4980865180192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.634319067 CET4980865180192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.639166117 CET6518049808213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.639542103 CET6518049808213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.639600039 CET4980865180192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.675900936 CET4979721192.168.2.6213.189.52.181
                                                                                    Jan 13, 2025 08:17:36.829602957 CET2149797213.189.52.181192.168.2.6
                                                                                    Jan 13, 2025 08:17:36.879012108 CET4979721192.168.2.6213.189.52.181

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 13, 2025 08:17:32.904504061 CET5748253192.168.2.61.1.1.1
                                                                                    Jan 13, 2025 08:17:32.911578894 CET53574821.1.1.1192.168.2.6
                                                                                    Jan 13, 2025 08:17:34.097464085 CET5669853192.168.2.61.1.1.1
                                                                                    Jan 13, 2025 08:17:34.120623112 CET53566981.1.1.1192.168.2.6

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Jan 13, 2025 08:17:32.904504061 CET192.168.2.61.1.1.10x1fd3Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 08:17:34.097464085 CET192.168.2.61.1.1.10x806bStandard query (0)s4.serv00.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Jan 13, 2025 08:17:32.911578894 CET1.1.1.1192.168.2.60x1fd3No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 08:17:32.911578894 CET1.1.1.1192.168.2.60x1fd3No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 08:17:32.911578894 CET1.1.1.1192.168.2.60x1fd3No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 08:17:34.120623112 CET1.1.1.1192.168.2.60x806bNo error (0)s4.serv00.com213.189.52.181A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • api.ipify.org

                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.649786104.26.13.2054433884C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 07:17:33 UTC155OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                    Host: api.ipify.org
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 07:17:33 UTC424INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 07:17:33 GMT
                                                                                    Content-Type: text/plain
                                                                                    Content-Length: 12
                                                                                    Connection: close
                                                                                    Vary: Origin
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 90139b7479ac6a5b-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1568&rtt_var=620&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=769&delivery_rate=1720683&cwnd=209&unsent_bytes=0&cid=d304fe2ba345259b&ts=180&x=0"
                                                                                    2025-01-13 07:17:33 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                    Data Ascii: 8.46.123.189


                                                                                    FTP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IPCommands
                                                                                    Jan 13, 2025 08:17:34.730808020 CET2149797213.189.52.181192.168.2.6220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                                                    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.
                                                                                    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21.
                                                                                    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21.220-This is a private system - No anonymous login
                                                                                    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 10 of 150 allowed.220-Local time is now 08:17. Server port: 21.220-This is a private system - No anonymous login220 You will be disconnected after 15 minutes of inactivity.
                                                                                    Jan 13, 2025 08:17:34.731091976 CET4979721192.168.2.6213.189.52.181USER f2241_evica
                                                                                    Jan 13, 2025 08:17:34.926415920 CET2149797213.189.52.181192.168.2.6331 User f2241_evica OK. Password required
                                                                                    Jan 13, 2025 08:17:34.939913988 CET4979721192.168.2.6213.189.52.181PASS Doll650@@
                                                                                    Jan 13, 2025 08:17:35.241342068 CET2149797213.189.52.181192.168.2.6230 OK. Current restricted directory is /
                                                                                    Jan 13, 2025 08:17:35.448038101 CET2149797213.189.52.181192.168.2.6504 Unknown command
                                                                                    Jan 13, 2025 08:17:35.448326111 CET4979721192.168.2.6213.189.52.181PWD
                                                                                    Jan 13, 2025 08:17:35.643153906 CET2149797213.189.52.181192.168.2.6257 "/" is your current location
                                                                                    Jan 13, 2025 08:17:35.643317938 CET4979721192.168.2.6213.189.52.181TYPE I
                                                                                    Jan 13, 2025 08:17:35.846856117 CET2149797213.189.52.181192.168.2.6200 TYPE is now 8-bit binary
                                                                                    Jan 13, 2025 08:17:35.847014904 CET4979721192.168.2.6213.189.52.181PASV
                                                                                    Jan 13, 2025 08:17:36.060436010 CET2149797213.189.52.181192.168.2.6227 Entering Passive Mode (213,189,52,181,254,156)
                                                                                    Jan 13, 2025 08:17:36.066091061 CET4979721192.168.2.6213.189.52.181STOR PW_user-424505_2025_01_13_02_17_33.html
                                                                                    Jan 13, 2025 08:17:36.634001970 CET2149797213.189.52.181192.168.2.6150 Accepted data connection
                                                                                    Jan 13, 2025 08:17:36.829602957 CET2149797213.189.52.181192.168.2.6226-File successfully transferred
                                                                                    226-File successfully transferred226 0.195 seconds (measured here), 1.75 Kbytes per second

                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:02:17:12
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Shipping Docs Waybill No 2009 xxxx 351.exe"
                                                                                    Imagebase:0x240000
                                                                                    File size:1'166'336 bytes
                                                                                    MD5 hash:354725D3DF06A1F01C0FE40B5613F21F
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2338931748.0000000005050000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2335863356.000000000387D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2335863356.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2335863356.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2322165464.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:4
                                                                                    Start time:02:17:31
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                    Imagebase:0xb30000
                                                                                    File size:42'064 bytes
                                                                                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4585427601.0000000002E9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4585427601.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4585427601.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4582316143.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:5
                                                                                    Start time:02:17:45
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                                                    Imagebase:0x260000
                                                                                    File size:42'064 bytes
                                                                                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 0%, ReversingLabs
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:6
                                                                                    Start time:02:17:45
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff66e660000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:8
                                                                                    Start time:02:17:53
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                                                    Imagebase:0x430000
                                                                                    File size:42'064 bytes
                                                                                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:9
                                                                                    Start time:02:17:53
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff66e660000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:13.2%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:7%
                                                                                      Total number of Nodes:227
                                                                                      Total number of Limit Nodes:12
                                                                                      execution_graph 60357 4d007c0 60358 4d00809 VirtualProtect 60357->60358 60360 4d00876 60358->60360 60365 5158981 60366 51586f7 60365->60366 60367 513d3d0 2 API calls 60366->60367 60368 513d3c0 2 API calls 60366->60368 60367->60366 60368->60366 60369 5158881 60370 5158890 60369->60370 60376 5182240 60370->60376 60381 5182231 60370->60381 60371 51586f7 60374 513d3d0 2 API calls 60371->60374 60375 513d3c0 2 API calls 60371->60375 60374->60371 60375->60371 60377 5182255 60376->60377 60387 51823ff 60377->60387 60392 51824d3 60377->60392 60378 518226b 60378->60371 60382 51821da 60381->60382 60383 518223e 60381->60383 60382->60371 60385 51823ff 2 API calls 60383->60385 60386 51824d3 2 API calls 60383->60386 60384 518226b 60384->60371 60385->60384 60386->60384 60389 518240f 60387->60389 60388 51824ee 60388->60378 60389->60388 60390 5182fd8 VirtualProtect 60389->60390 60391 5182fe0 VirtualProtect 60389->60391 60390->60389 60391->60389 60394 51824d9 60392->60394 60393 51824ee 60393->60378 60394->60393 60395 5182fd8 VirtualProtect 60394->60395 60396 5182fe0 VirtualProtect 60394->60396 60395->60394 60396->60394 60321 5173a90 60322 5173adf NtProtectVirtualMemory 60321->60322 60324 5173b57 60322->60324 60325 515879e 60326 51586f7 60325->60326 60329 513d3d0 60326->60329 60334 513d3c0 60326->60334 60330 513d3e5 60329->60330 60339 513d818 60330->60339 60344 513d808 60330->60344 60331 513d3fb 60331->60326 60335 513d3e5 60334->60335 60337 513d818 2 API calls 60335->60337 60338 513d808 2 API calls 60335->60338 60336 513d3fb 60336->60326 60337->60336 60338->60336 60340 513d842 60339->60340 60341 513d886 60340->60341 60349 5181f68 60340->60349 60353 5181f60 60340->60353 60341->60331 60346 513d842 60344->60346 60345 513d886 60345->60331 60346->60345 60347 5181f68 SleepEx 60346->60347 60348 5181f60 SleepEx 60346->60348 60347->60346 60348->60346 60350 5181fac SleepEx 60349->60350 60352 518200c 60350->60352 60352->60340 60354 5181fac SleepEx 60353->60354 60356 518200c 60354->60356 60356->60340 60619 515935e 60620 51586f7 60619->60620 60621 5159382 60620->60621 60622 513d3d0 2 API calls 60620->60622 60623 513d3c0 2 API calls 60620->60623 60622->60620 60623->60620 60397 5158b08 60398 5158b12 60397->60398 60404 518ad98 60398->60404 60415 518ada8 60398->60415 60399 51586f7 60400 513d3d0 2 API calls 60399->60400 60401 513d3c0 2 API calls 60399->60401 60400->60399 60401->60399 60405 518ada8 60404->60405 60426 518b30e 60405->60426 60429 518b575 60405->60429 60432 518b2a4 60405->60432 60435 518b263 60405->60435 60438 518b4c2 60405->60438 60441 518b1e0 60405->60441 60444 518b1f0 60405->60444 60447 518b5b0 60405->60447 60416 518adbd 60415->60416 60418 518b30e 11 API calls 60416->60418 60419 518b5b0 11 API calls 60416->60419 60420 518b1f0 11 API calls 60416->60420 60421 518b1e0 11 API calls 60416->60421 60422 518b4c2 11 API calls 60416->60422 60423 518b263 11 API calls 60416->60423 60424 518b2a4 11 API calls 60416->60424 60425 518b575 11 API calls 60416->60425 60417 518add3 60417->60399 60418->60417 60419->60417 60420->60417 60421->60417 60422->60417 60423->60417 60424->60417 60425->60417 60427 518b24d 60426->60427 60450 518c7e0 60427->60450 60430 518b24d 60429->60430 60430->60429 60431 518c7e0 11 API calls 60430->60431 60431->60430 60433 518b24d 60432->60433 60434 518c7e0 11 API calls 60433->60434 60434->60433 60436 518b24d 60435->60436 60437 518c7e0 11 API calls 60436->60437 60437->60436 60439 518b24d 60438->60439 60440 518c7e0 11 API calls 60439->60440 60440->60439 60442 518b1e5 60441->60442 60443 518c7e0 11 API calls 60442->60443 60443->60442 60445 518b21a 60444->60445 60446 518c7e0 11 API calls 60445->60446 60446->60445 60448 518b24d 60447->60448 60449 518c7e0 11 API calls 60448->60449 60449->60448 60451 518c805 60450->60451 60454 518c9cb 60451->60454 60455 518c9e3 60454->60455 60459 518d110 60455->60459 60473 518d100 60455->60473 60456 518c9f5 60460 518d125 60459->60460 60487 518e85d 60460->60487 60492 518e4eb 60460->60492 60497 518dab9 60460->60497 60502 518e586 60460->60502 60507 518dec5 60460->60507 60512 518e214 60460->60512 60518 518d854 60460->60518 60523 518e2e1 60460->60523 60528 518ddbf 60460->60528 60535 518dbbf 60460->60535 60540 518e6dd 60460->60540 60461 518d147 60461->60456 60474 518d110 60473->60474 60476 518dab9 2 API calls 60474->60476 60477 518e4eb 2 API calls 60474->60477 60478 518e85d 2 API calls 60474->60478 60479 518e6dd 2 API calls 60474->60479 60480 518dbbf 2 API calls 60474->60480 60481 518ddbf 3 API calls 60474->60481 60482 518e2e1 2 API calls 60474->60482 60483 518d854 2 API calls 60474->60483 60484 518e214 3 API calls 60474->60484 60485 518dec5 2 API calls 60474->60485 60486 518e586 2 API calls 60474->60486 60475 518d147 60475->60456 60476->60475 60477->60475 60478->60475 60479->60475 60480->60475 60481->60475 60482->60475 60483->60475 60484->60475 60485->60475 60486->60475 60488 518e875 60487->60488 60546 518ee10 60488->60546 60550 518ee00 60488->60550 60489 518d655 60493 518e4fa 60492->60493 60567 51768a8 60493->60567 60571 51768a1 60493->60571 60494 518e526 60498 518dac8 60497->60498 60575 51771c0 60498->60575 60579 51771c8 60498->60579 60499 518db39 60503 518e595 60502->60503 60505 51771c0 WriteProcessMemory 60503->60505 60506 51771c8 WriteProcessMemory 60503->60506 60504 518d655 60505->60504 60506->60504 60508 518decf 60507->60508 60583 5176ef0 60508->60583 60587 5176ef8 60508->60587 60509 518e384 60513 518e21e 60512->60513 60591 5177940 60513->60591 60596 517784b 60513->60596 60600 5177850 60513->60600 60514 518e276 60514->60461 60519 518d863 60518->60519 60521 51771c0 WriteProcessMemory 60519->60521 60522 51771c8 WriteProcessMemory 60519->60522 60520 518d655 60520->60461 60521->60520 60522->60520 60524 518e2eb 60523->60524 60526 5176ef0 VirtualAllocEx 60524->60526 60527 5176ef8 VirtualAllocEx 60524->60527 60525 518e384 60526->60525 60527->60525 60529 518e23a 60528->60529 60530 518d655 60528->60530 60532 5177940 NtResumeThread 60529->60532 60533 5177850 NtResumeThread 60529->60533 60534 517784b NtResumeThread 60529->60534 60531 518e276 60531->60461 60532->60531 60533->60531 60534->60531 60536 518dbce 60535->60536 60538 51768a1 Wow64SetThreadContext 60536->60538 60539 51768a8 Wow64SetThreadContext 60536->60539 60537 518d655 60538->60537 60539->60537 60541 518d655 60540->60541 60542 518e307 60540->60542 60544 5176ef0 VirtualAllocEx 60542->60544 60545 5176ef8 VirtualAllocEx 60542->60545 60543 518e384 60544->60543 60545->60543 60547 518ee27 60546->60547 60548 518ee49 60547->60548 60554 518f021 60547->60554 60548->60489 60551 518ee10 60550->60551 60552 518ee49 60551->60552 60553 518f021 2 API calls 60551->60553 60552->60489 60553->60552 60555 518f030 60554->60555 60559 51745df 60555->60559 60563 51745e8 60555->60563 60560 5174668 CreateProcessA 60559->60560 60562 5174864 60560->60562 60564 5174668 CreateProcessA 60563->60564 60566 5174864 60564->60566 60568 51768f1 Wow64SetThreadContext 60567->60568 60570 5176969 60568->60570 60570->60494 60572 51768f1 Wow64SetThreadContext 60571->60572 60574 5176969 60572->60574 60574->60494 60576 51771c8 WriteProcessMemory 60575->60576 60578 51772ad 60576->60578 60578->60499 60580 5177214 WriteProcessMemory 60579->60580 60582 51772ad 60580->60582 60582->60499 60584 5176ef6 VirtualAllocEx 60583->60584 60586 5176fb4 60584->60586 60586->60509 60588 5176f3c VirtualAllocEx 60587->60588 60590 5176fb4 60588->60590 60590->60509 60592 517794a 60591->60592 60595 51778ac 60591->60595 60592->60514 60593 517791b 60593->60514 60594 51778ba NtResumeThread 60594->60595 60595->60593 60595->60594 60598 5177850 60596->60598 60597 51778ba NtResumeThread 60597->60598 60598->60597 60599 517791b 60598->60599 60599->60514 60602 5177899 60600->60602 60601 51778ba NtResumeThread 60601->60602 60602->60601 60603 517791b 60602->60603 60603->60514 60604 515890a 60605 515892f 60604->60605 60607 5182240 2 API calls 60605->60607 60608 5182231 2 API calls 60605->60608 60606 51586f7 60609 513d3d0 2 API calls 60606->60609 60610 513d3c0 2 API calls 60606->60610 60607->60606 60608->60606 60609->60606 60610->60606

                                                                                      Executed Functions

                                                                                      Function 05151F2A Relevance: 7.0, Strings: 4, Instructions: 1954COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 0 5151f2a-51522db 39 51522e2-515230c 0->39 40 51522dd 0->40 225 5152312 call 5154a31 39->225 226 5152312 call 5154a40 39->226 227 5152312 call 5154ac0 39->227 40->39 42 5152318-51526aa 63 51526b1-51528a0 42->63 64 51526ac 42->64 77 51528a7-5152ab0 63->77 78 51528a2 63->78 64->63 91 5152ab7-5152cea 77->91 92 5152ab2 77->92 78->77 105 5152cf1-5153d26 91->105 106 5152cec 91->106 92->91 217 5153d2c-5153d34 105->217 218 51500d8-51500de 105->218 106->105 217->218 219 51500e7-5151094 218->219 220 51500e0-515056b 218->220 219->218 220->218 224 5150571-5150579 220->224 224->218 225->42 226->42 227->42
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4$Fnv$Om]$Z
                                                                                      • API String ID: 0-1436779786
                                                                                      • Opcode ID: c50b3e123a46a26cc9b81669d7fdab0d51d2b753735e0b7f721dee61c90d6468
                                                                                      • Instruction ID: e6468f1b2ddc4ba7aea7b6517cdc90462f0ca349ca2cc325211dd0e63840e100
                                                                                      • Opcode Fuzzy Hash: c50b3e123a46a26cc9b81669d7fdab0d51d2b753735e0b7f721dee61c90d6468
                                                                                      • Instruction Fuzzy Hash: BF13E27A510514AFCB469F84DC44E99BBB2FB4D314B0681D4E2099B33ACB36EDA1EF50
                                                                                      Function 04D077B8 Relevance: 2.6, Strings: 1, Instructions: 1335COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 367 4d077b8-4d077e6 368 4d077e8 367->368 369 4d077ed-4d0790f 367->369 368->369 373 4d07911-4d0792d call 4d0a338 369->373 374 4d07933-4d0793f 369->374 373->374 375 4d07941 374->375 376 4d07946-4d0794b 374->376 375->376 377 4d07983-4d079cc 376->377 378 4d0794d-4d07959 376->378 389 4d079d3-4d07c98 377->389 390 4d079ce 377->390 380 4d07960-4d0797e 378->380 381 4d0795b 378->381 382 4d090e7-4d090ed 380->382 381->380 384 4d09118 382->384 385 4d090ef-4d0910f 382->385 388 4d09119 384->388 385->384 388->388 415 4d086c8-4d086d4 389->415 390->389 416 4d086da-4d08712 415->416 417 4d07c9d-4d07ca9 415->417 425 4d087ec-4d087f2 416->425 418 4d07cb0-4d07dd5 417->418 419 4d07cab 417->419 454 4d07e15-4d07e9e 418->454 455 4d07dd7-4d07e0f 418->455 419->418 427 4d08717-4d08794 425->427 428 4d087f8-4d08830 425->428 444 4d08796-4d0879a 427->444 445 4d087c7-4d087e9 427->445 438 4d08b8e-4d08b94 428->438 440 4d08835-4d08a37 438->440 441 4d08b9a-4d08be2 438->441 535 4d08ad6-4d08ada 440->535 536 4d08a3d-4d08ad1 440->536 451 4d08be4-4d08c57 441->451 452 4d08c5d-4d08c69 441->452 444->445 446 4d0879c-4d087c4 444->446 445->425 446->445 451->452 456 4d08c70-4d08ca8 452->456 480 4d07ea0-4d07ea8 454->480 481 4d07ead-4d07f31 454->481 455->454 474 4d090b1-4d090b7 456->474 476 4d08cad-4d08d2f 474->476 477 4d090bd-4d090e5 474->477 495 4d08d31-4d08d4c 476->495 496 4d08d57-4d08d63 476->496 477->382 484 4d086b9-4d086c5 480->484 516 4d07f40-4d07fc4 481->516 517 4d07f33-4d07f3b 481->517 484->415 495->496 497 4d08d65 496->497 498 4d08d6a-4d08d76 496->498 497->498 502 4d08d78-4d08d84 498->502 503 4d08d89-4d08d98 498->503 504 4d09098-4d090ae 502->504 505 4d08da1-4d09079 503->505 506 4d08d9a 503->506 504->474 539 4d09084-4d09090 505->539 506->505 508 4d08f00-4d08f69 506->508 509 4d08e92-4d08efb 506->509 510 4d08e15-4d08e8d 506->510 511 4d08da7-4d08e10 506->511 512 4d08f6e-4d08fd6 506->512 508->539 509->539 510->539 511->539 546 4d0904a-4d09050 512->546 560 4d07fd3-4d08057 516->560 561 4d07fc6-4d07fce 516->561 517->484 542 4d08b37-4d08b74 535->542 543 4d08adc-4d08b35 535->543 558 4d08b75-4d08b8b 536->558 539->504 542->558 543->558 551 4d09052-4d0905c 546->551 552 4d08fd8-4d09036 546->552 551->539 565 4d09038 552->565 566 4d0903d-4d09047 552->566 558->438 573 4d08066-4d080ea 560->573 574 4d08059-4d08061 560->574 561->484 565->566 566->546 580 4d080f9-4d0817d 573->580 581 4d080ec-4d080f4 573->581 574->484 587 4d0818c-4d08210 580->587 588 4d0817f-4d08187 580->588 581->484 594 4d08212-4d0821a 587->594 595 4d0821f-4d082a3 587->595 588->484 594->484 601 4d082b2-4d08336 595->601 602 4d082a5-4d082ad 595->602 608 4d08345-4d083c9 601->608 609 4d08338-4d08340 601->609 602->484 615 4d083d8-4d0845c 608->615 616 4d083cb-4d083d3 608->616 609->484 622 4d0846b-4d084ef 615->622 623 4d0845e-4d08466 615->623 616->484 629 4d084f1-4d084f9 622->629 630 4d084fe-4d08582 622->630 623->484 629->484 636 4d08591-4d08615 630->636 637 4d08584-4d0858c 630->637 643 4d08624-4d086a8 636->643 644 4d08617-4d0861f 636->644 637->484 650 4d086b4-4d086b6 643->650 651 4d086aa-4d086b2 643->651 644->484 650->484 651->484
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 2
                                                                                      • API String ID: 0-450215437
                                                                                      • Opcode ID: d1f692d148df4d53687c458788b21732ea1892b172002c81af5d3da6e3ebd5a7
                                                                                      • Instruction ID: 16e15305869562eb43eb61e020843b24a04d928e80de12e7b3ef0e9389489e08
                                                                                      • Opcode Fuzzy Hash: d1f692d148df4d53687c458788b21732ea1892b172002c81af5d3da6e3ebd5a7
                                                                                      • Instruction Fuzzy Hash: 2FE2C274A016288FCB64DF69D88479EBBF2FB89301F1191E9D509A7359DB30AE85CF40
                                                                                      Function 0515DCB0 Relevance: 2.4, Strings: 1, Instructions: 1175COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4
                                                                                      • API String ID: 0-4088798008
                                                                                      • Opcode ID: 5ee35172cebeee6e7897fac66f6d76cb218224c66dca30b8bad178bbadcdf1a5
                                                                                      • Instruction ID: 685f7d823d6c0263a85f44301ffd91663af91e0dac23364408f27f9afae5f3c7
                                                                                      • Opcode Fuzzy Hash: 5ee35172cebeee6e7897fac66f6d76cb218224c66dca30b8bad178bbadcdf1a5
                                                                                      • Instruction Fuzzy Hash: FBB2F834A00218CFDB14DFA4C994BADB7BAFF48310F158599E915AB2A9DB70ED81CF50
                                                                                      Function 051701B0 Relevance: 1.9, Strings: 1, Instructions: 610COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1057 51701b0-51701d1 1058 51701d3 1057->1058 1059 51701d8-5170268 call 5170cf0 1057->1059 1058->1059 1064 517026e-51702ab 1059->1064 1066 51702ad-51702b8 1064->1066 1067 51702ba 1064->1067 1068 51702c4-51703df 1066->1068 1067->1068 1079 51703f1-517041c 1068->1079 1080 51703e1-51703e7 1068->1080 1081 5170bd0-5170bec 1079->1081 1080->1079 1082 5170bf2-5170c0d 1081->1082 1083 5170421-5170584 1081->1083 1093 5170596-5170713 1083->1093 1094 5170586-517058c 1083->1094 1104 5170715-5170719 1093->1104 1105 5170778-5170782 1093->1105 1094->1093 1106 5170721-5170773 1104->1106 1107 517071b-517071c 1104->1107 1108 51709a9-51709c8 1105->1108 1109 5170a4e-5170ab9 1106->1109 1107->1109 1110 5170787-51708cd 1108->1110 1111 51709ce-51709f8 1108->1111 1127 5170acb-5170b16 1109->1127 1128 5170abb-5170ac1 1109->1128 1139 51708d3-517099f 1110->1139 1140 51709a2-51709a3 1110->1140 1117 5170a4b-5170a4c 1111->1117 1118 51709fa-5170a48 1111->1118 1117->1109 1118->1117 1130 5170bb5-5170bcd 1127->1130 1131 5170b1c-5170bb4 1127->1131 1128->1127 1130->1081 1131->1130 1139->1140 1140->1108
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8
                                                                                      • API String ID: 0-4194326291
                                                                                      • Opcode ID: 0496a325933afdc42eae6502cf7083b0e383d656a514c94661a569562146ca2f
                                                                                      • Instruction ID: bd63aab829c135f4a2b8d2324dff45666121dbf619d140663724d38d71d5ed41
                                                                                      • Opcode Fuzzy Hash: 0496a325933afdc42eae6502cf7083b0e383d656a514c94661a569562146ca2f
                                                                                      • Instruction Fuzzy Hash: E252C575E016298FDB64EF69C854AD9B7B2BF89300F1086EAD40DA7355DB30AE81CF50
                                                                                      Function 0515DFD7 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4
                                                                                      • API String ID: 0-4088798008
                                                                                      • Opcode ID: df6ce069451e3b185e49397ca9c42851b168a0c19fdeb90a059078ddd6c5c7d1
                                                                                      • Instruction ID: 5891fc9041f3fb66d00dff975227863ceeaece622d87991d59c359647882f93c
                                                                                      • Opcode Fuzzy Hash: df6ce069451e3b185e49397ca9c42851b168a0c19fdeb90a059078ddd6c5c7d1
                                                                                      • Instruction Fuzzy Hash: 1622F834A00215CFDB24DF64C994BADB7B6BF48310F1481E9E91AAB295DB70EE81CF50
                                                                                      Function 05173A8B Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05173B45
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2706961497-0
                                                                                      • Opcode ID: 5a116de96d5d3741bbe32c81ac7a3552c7a534af9cde4af6bd87c843a4b26a0b
                                                                                      • Instruction ID: 49a46b7a6ada8192daea5824cf5e1a2dad6c11cc6b04406023735c94c8848c14
                                                                                      • Opcode Fuzzy Hash: 5a116de96d5d3741bbe32c81ac7a3552c7a534af9cde4af6bd87c843a4b26a0b
                                                                                      • Instruction Fuzzy Hash: 454197B5D042589FCF10CFAAD980ADEFBB1BB49310F10A42AE915B7200D775A901CF68
                                                                                      Function 05173A90 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05173B45
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2706961497-0
                                                                                      • Opcode ID: 5011f609eb9e366a883021359ee4cd7e3a3645cf1f1a3f2c78c193677aa2483d
                                                                                      • Instruction ID: 189684008bb666906e4de54fc4e978929d4077dfa959146c569c7f5dba64d15f
                                                                                      • Opcode Fuzzy Hash: 5011f609eb9e366a883021359ee4cd7e3a3645cf1f1a3f2c78c193677aa2483d
                                                                                      • Instruction Fuzzy Hash: F54188B5D042599FCF10CFAAD980ADEFBB5BB49310F10A42AE915B7200D775A901CF68
                                                                                      Function 0517784B Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtResumeThread.NTDLL(?,?), ref: 051778DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      • Opcode ID: 8cb592611b40f7d177173b1cfb9bfa50f7203a3104c19b6a9d3de65659376274
                                                                                      • Instruction ID: 70056b11f66e32242faee4a5c90e51e7847d70af6bf6c2114772fa2d9804c7e8
                                                                                      • Opcode Fuzzy Hash: 8cb592611b40f7d177173b1cfb9bfa50f7203a3104c19b6a9d3de65659376274
                                                                                      • Instruction Fuzzy Hash: 8E31B7B5D012199FDB10CFAAD980AAEFBF5FF48310F20942AE914B7240C779A901CF94
                                                                                      Function 05177850 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtResumeThread.NTDLL(?,?), ref: 051778DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      • Opcode ID: eb5ef941db2784dad49c3fc277cb66ab3b3ca6689ca405817ed16f78906f58ba
                                                                                      • Instruction ID: d9f2b6ce0dede02dcd2a2cec9f7b51eb122bcfb2a0483c5dd2026a0b4e2260da
                                                                                      • Opcode Fuzzy Hash: eb5ef941db2784dad49c3fc277cb66ab3b3ca6689ca405817ed16f78906f58ba
                                                                                      • Instruction Fuzzy Hash: 9831C8B4D012199FDB10CFAAD980AAEFBF5FF48310F20942AE914B7200C775A901CF94
                                                                                      Function 05177940 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 961ac7a94a2e674b0248394c5fcc76bfe6f0dac7f290707941fcce57b4c22463
                                                                                      • Instruction ID: ec8910ede80640ade5dddb90801a0dc77c0a6483413638021a587a1765c25a94
                                                                                      • Opcode Fuzzy Hash: 961ac7a94a2e674b0248394c5fcc76bfe6f0dac7f290707941fcce57b4c22463
                                                                                      • Instruction Fuzzy Hash: A1212F75E06208CFDB10EFA8E884BADBBB0FF48314F14852AE415B7390CB756841CBA4
                                                                                      Function 04F7D580 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "
                                                                                      • API String ID: 0-123907689
                                                                                      • Opcode ID: 1dc32f22ad640e550a85f05f3b60d6733265d41d78afc6a59593511ed2b28a8f
                                                                                      • Instruction ID: c582a7596ae14b1b43bcda48a8cd20dac937afcf9b9eeb8dcf4fa436214fb0c4
                                                                                      • Opcode Fuzzy Hash: 1dc32f22ad640e550a85f05f3b60d6733265d41d78afc6a59593511ed2b28a8f
                                                                                      • Instruction Fuzzy Hash: DEB11974E05208CFEB14DF69D484B9DBBF2BF89304F6090AAD009A7395DB786986DF11
                                                                                      Function 05170158 Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: h
                                                                                      • API String ID: 0-2439710439
                                                                                      • Opcode ID: 6d92314bfaf95e72844e2c16e1833a9895a760a9909c497d7aecd5d577660056
                                                                                      • Instruction ID: 497a5d2f7c46e0edee9719cef422284c92cc1451fa4e31b7f1437023cfe2f08c
                                                                                      • Opcode Fuzzy Hash: 6d92314bfaf95e72844e2c16e1833a9895a760a9909c497d7aecd5d577660056
                                                                                      • Instruction Fuzzy Hash: 6881B175E01629CFDB64EF69D854AD9B7B2BB89300F1082AAD509A7354DB30AE818F50
                                                                                      Function 051701A3 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: h
                                                                                      • API String ID: 0-2439710439
                                                                                      • Opcode ID: cc7347fc92d90d2d5894db09b447a65df924732e2d2b3ba81ca12894d40ddf45
                                                                                      • Instruction ID: cdac850f5bc83cc7c555e0ff2262ae83d29d79ccc4780c360c50b4efc9096d74
                                                                                      • Opcode Fuzzy Hash: cc7347fc92d90d2d5894db09b447a65df924732e2d2b3ba81ca12894d40ddf45
                                                                                      • Instruction Fuzzy Hash: F771E475E016298FDB24EF69D854BD9B7B2FF89300F1082AAD509A7354DB30AE85CF50
                                                                                      Function 04D05220 Relevance: 1.0, Instructions: 983COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70eaa41edbae17a5a8758edeee5e9a10a58a6191922f74db136e2cc56d38788a
                                                                                      • Instruction ID: 1be3fef720f0eedee9725242cc5ecccf79f2d4cf3da08d6c818619befcd7b51f
                                                                                      • Opcode Fuzzy Hash: 70eaa41edbae17a5a8758edeee5e9a10a58a6191922f74db136e2cc56d38788a
                                                                                      • Instruction Fuzzy Hash: ACA2C675A00228DFDB65CF69C884B99BBB2FF89304F1481D9D509AB365DB31AE81CF50
                                                                                      Function 05138E38 Relevance: .6, Instructions: 599COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7023e7fc1909b10515ef7dac8df141963f36cd575ae59f03445f122ac1e447c3
                                                                                      • Instruction ID: 62a028f6bbcea2ce91f19dc211042e950db063bca43879ddd3a3bf8708f56781
                                                                                      • Opcode Fuzzy Hash: 7023e7fc1909b10515ef7dac8df141963f36cd575ae59f03445f122ac1e447c3
                                                                                      • Instruction Fuzzy Hash: 3F327C74B006168FDB19CFA9C4A5A6EFBF2FF88300F24852AD55AD7341DB74A941CB90
                                                                                      Function 0504C6F0 Relevance: .5, Instructions: 549COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e87d5f1c4d13d3f6fd2561d2c71c96e7217fa202edc14e57ec70349f890dda1
                                                                                      • Instruction ID: fc310918bdc2c1a01748fcda950b8dd0623fb4527cc5866346cafd7c70be430b
                                                                                      • Opcode Fuzzy Hash: 4e87d5f1c4d13d3f6fd2561d2c71c96e7217fa202edc14e57ec70349f890dda1
                                                                                      • Instruction Fuzzy Hash: D7222274B012048FEB54DF29D588A6EBBE2BF89714F1584A9E506DB3A1DB31EC41CF90
                                                                                      Function 04D0911B Relevance: .5, Instructions: 539COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d9ecb1b556cd9184c85c2b07ec34a876f45e7f429b06a67db2da1595be57a04
                                                                                      • Instruction ID: 005e635d9a0ea7f1057ba19b64889949180c6923bf51deb419389480f09cb5e5
                                                                                      • Opcode Fuzzy Hash: 3d9ecb1b556cd9184c85c2b07ec34a876f45e7f429b06a67db2da1595be57a04
                                                                                      • Instruction Fuzzy Hash: 7A52BFB4A05628CFCB64DF28C994B9AB7B2FB89301F1091D9D90DA7355DB30AE81CF50
                                                                                      Function 05159BD8 Relevance: .4, Instructions: 413COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 61aab33c32923b11131a561d3fb4dbfc2ac9b27f9362b51d037517abd20677bc
                                                                                      • Instruction ID: a00eec925abbba9be6982a6cd8f7cb39fa19735d3592d7ba9611f1a94588ec44
                                                                                      • Opcode Fuzzy Hash: 61aab33c32923b11131a561d3fb4dbfc2ac9b27f9362b51d037517abd20677bc
                                                                                      • Instruction Fuzzy Hash: 82023374E05218CFDB24DF69D884BADBBF2BB89311F1081AAD819A7355DB706E85CF01
                                                                                      Function 05159BC8 Relevance: .4, Instructions: 404COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e86dcf7f7f46c0be705f8016e131681471b0b436aa0acdafcca660883e9376e6
                                                                                      • Instruction ID: 139948764a0f776106588b2dc8d79ae92a8e76e7a0c9eacd00dc2281aed362f3
                                                                                      • Opcode Fuzzy Hash: e86dcf7f7f46c0be705f8016e131681471b0b436aa0acdafcca660883e9376e6
                                                                                      • Instruction Fuzzy Hash: 13022374E05218CFDB24DF69D884BADBBF2BB89311F1081AAD819A7354DB746E85CF01
                                                                                      Function 0513E3E8 Relevance: .3, Instructions: 305COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d019f5279ea0c820faac5f63a0db0bf062c59c4242ec78ce42ba04f68a024d9
                                                                                      • Instruction ID: 3d25a470b062849344d146cba62705f1055b51ac838cb3d4e5de91d1e1fe5aa8
                                                                                      • Opcode Fuzzy Hash: 2d019f5279ea0c820faac5f63a0db0bf062c59c4242ec78ce42ba04f68a024d9
                                                                                      • Instruction Fuzzy Hash: F3D122B4E09318CFEB24DF69D555BADBBF6BB89300F2182A9D409A7344DB345985CF00
                                                                                      Function 050432E0 Relevance: .3, Instructions: 296COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5fa918949b4956c3fe24ccf649be52c1f7de33ff5191c368feb0adeb199596c3
                                                                                      • Instruction ID: 8ab48b7bcfacbcd76cb76357289b9e6c0f91efb7b2dc20b00c3d830b22afc22d
                                                                                      • Opcode Fuzzy Hash: 5fa918949b4956c3fe24ccf649be52c1f7de33ff5191c368feb0adeb199596c3
                                                                                      • Instruction Fuzzy Hash: 63C11AB0D09249CFDB20CF99E048BEEBBF2BB45315F00E469D856A7245D7785989CF80
                                                                                      Function 050432D0 Relevance: .3, Instructions: 276COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 401418b135488f8b29ccc16b244804169d7865a9da679c0087c9b83f1702698e
                                                                                      • Instruction ID: f5f2b997cc1f681b1c60634142ef9be0abe16db3d8fe46f52d9817a95ae694ef
                                                                                      • Opcode Fuzzy Hash: 401418b135488f8b29ccc16b244804169d7865a9da679c0087c9b83f1702698e
                                                                                      • Instruction Fuzzy Hash: 4DB106B4D09249CFDB20CF99E048BEEBBF2BB45315F00E469D85AAB245D7785985CF80
                                                                                      Function 04D0F5F0 Relevance: .3, Instructions: 276COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f0b74ae50d4388e809929e380a69ced8a3389e24ca3220d0ce8169966c5f07d
                                                                                      • Instruction ID: 97ed53eb7def4237ab1076b9d2e3b754eddcecc848513291792edb29818a9ab7
                                                                                      • Opcode Fuzzy Hash: 2f0b74ae50d4388e809929e380a69ced8a3389e24ca3220d0ce8169966c5f07d
                                                                                      • Instruction Fuzzy Hash: 35D1A474A01258CFDB54DFA9D890B9DBBF2FF49300F2091A9D409AB365DB71A981CF50
                                                                                      Function 051575A8 Relevance: .2, Instructions: 245COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9a2af65cce8e17c8fd078a3571dc3efceb188e42ff0460da2b68b8259bd632a
                                                                                      • Instruction ID: 2830f65f223215a0b5a2dfcd4c0bf69e2c403b8e184cb94c226db38a9dc05240
                                                                                      • Opcode Fuzzy Hash: d9a2af65cce8e17c8fd078a3571dc3efceb188e42ff0460da2b68b8259bd632a
                                                                                      • Instruction Fuzzy Hash: 3CA11874E05218CFEB14DFA9D885BADBBF2FB89350F209069D819A7395DB306985CF10
                                                                                      Function 0515759B Relevance: .2, Instructions: 241COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9208934ecf30f7b847f45b1746517abd3a174e09e557ba6b8d9f30207c586468
                                                                                      • Instruction ID: c8c9ccc3aea011ba3e50e5920a97e90738661f7ff2432683e6ee3c6f77d47996
                                                                                      • Opcode Fuzzy Hash: 9208934ecf30f7b847f45b1746517abd3a174e09e557ba6b8d9f30207c586468
                                                                                      • Instruction Fuzzy Hash: 29A10774E05218CFEB14DFA9D885BADBBF2FB89350F209069D819A7395DB306985CF10
                                                                                      Function 0517573F Relevance: .2, Instructions: 227COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68f135eea3e5b94451e6f27ee88d51d309773911c7600b0b7d5a61a4e0d93c0d
                                                                                      • Instruction ID: 7826353567a8e1e616857211924de8c698d26eb2181d4a272985d237255d2c4e
                                                                                      • Opcode Fuzzy Hash: 68f135eea3e5b94451e6f27ee88d51d309773911c7600b0b7d5a61a4e0d93c0d
                                                                                      • Instruction Fuzzy Hash: ABA1F174E0562CCFEB24DF59C884BADBBF2BB89300F2291A9D509A7384D7705A85CF10
                                                                                      Function 05041998 Relevance: .2, Instructions: 187COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ca9b2c256391c6ea701b6faae65458d9ca907a3e166114fa1af8b915d00a02e4
                                                                                      • Instruction ID: 5761470ec0376fcd48075952ad909f6f376fba1cacffc096204bdfea7114c733
                                                                                      • Opcode Fuzzy Hash: ca9b2c256391c6ea701b6faae65458d9ca907a3e166114fa1af8b915d00a02e4
                                                                                      • Instruction Fuzzy Hash: A87127B4E046098FDB54DFA9E444BAEB7F2FB88300F208169D40AA7389DB746D81CF50
                                                                                      Function 04D0F318 Relevance: .2, Instructions: 152COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8c95e1794d41a676e3750ee225f43678e4710db3d85871202283460d8cfe590f
                                                                                      • Instruction ID: 63cfa42297ec342ec8238786dc47ac6842c5e6a452314f11bd57ab94c3139a29
                                                                                      • Opcode Fuzzy Hash: 8c95e1794d41a676e3750ee225f43678e4710db3d85871202283460d8cfe590f
                                                                                      • Instruction Fuzzy Hash: 19512674E052098BDB14DFA9D4807AEBBF2FB89310F24D529E409E7394D774E982CB90
                                                                                      Function 0513C888 Relevance: .1, Instructions: 146COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1beee4d73afd9f0850d86b5a34f261fd8f61e1200447a604351ad3a2e767e57e
                                                                                      • Instruction ID: 022c8ab2cbc97be6611cc384bc8cab1bdc64c9a7cf2fd8a12d2461a1aef35b74
                                                                                      • Opcode Fuzzy Hash: 1beee4d73afd9f0850d86b5a34f261fd8f61e1200447a604351ad3a2e767e57e
                                                                                      • Instruction Fuzzy Hash: 4251E074905208CFDB14DFA8E5697ACBBF2BF49308F22512AD409B7294EB746D46CF40
                                                                                      Function 0513C8E9 Relevance: .1, Instructions: 145COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c788789d045a0455764c70a504b458e8247ede697f660e1171fd1da26064b3fa
                                                                                      • Instruction ID: b60d9170d1acc6a83d34d1b75adc9404bffa8ebc7d3e7cb91210a398442da120
                                                                                      • Opcode Fuzzy Hash: c788789d045a0455764c70a504b458e8247ede697f660e1171fd1da26064b3fa
                                                                                      • Instruction Fuzzy Hash: 9E51F174909218CFDB14DFA8E4697EDBBB2BF49318F22512AD409B7284E7746D46CF80
                                                                                      Function 0513C8F8 Relevance: .1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a80531b49fff71799d5b9787eb24caefe2b293959c2c0e6bd6c0bf7ffe86ac6
                                                                                      • Instruction ID: 5bb56a7d10edffd951808b31a03869da23d6e81cc36edf014411b48e67a5abd1
                                                                                      • Opcode Fuzzy Hash: 8a80531b49fff71799d5b9787eb24caefe2b293959c2c0e6bd6c0bf7ffe86ac6
                                                                                      • Instruction Fuzzy Hash: ED51F374909208CFDB14DFA8E4697ADBBF6BF49308F12502AD409B7255E7746D46CF80
                                                                                      Function 04D077A8 Relevance: .1, Instructions: 137COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e3f6abca060a857997fe471ed6449b95f2e6d11897bcae68fc38b353123d674
                                                                                      • Instruction ID: 354ab66ee3be514fd625b4d970917c6151f9c02896a0b028fe010e29025349c9
                                                                                      • Opcode Fuzzy Hash: 2e3f6abca060a857997fe471ed6449b95f2e6d11897bcae68fc38b353123d674
                                                                                      • Instruction Fuzzy Hash: D551A971E01A588BDB18CF6BDC4479EBAF3BFC9301F14D1A99408AB259DB705A818F50
                                                                                      Function 0513CAEC Relevance: .1, Instructions: 113COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a45060a7e1410fdd982ca95ca36d18af39c80bd41cd9f869770a7e4e73e5fdef
                                                                                      • Instruction ID: fed6e1989cfad77b8bb402757e2f7b6aa8e9a13aa5bad9a8284f72215ee88f8a
                                                                                      • Opcode Fuzzy Hash: a45060a7e1410fdd982ca95ca36d18af39c80bd41cd9f869770a7e4e73e5fdef
                                                                                      • Instruction Fuzzy Hash: 3341E374905208CFDB14DFA8E56A7ACBBF2BF49304F22502AE409B7295EB746D46CF40
                                                                                      Function 051815E1 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 243b180b8e3dd7c09acce9016a8c64ae50f4d0819363835b8d793fc38560cede
                                                                                      • Instruction ID: e31b24ec5e79b9dbdb34e8ffc28bc616fce42a17ebf964e5f2cd4206416eeb4c
                                                                                      • Opcode Fuzzy Hash: 243b180b8e3dd7c09acce9016a8c64ae50f4d0819363835b8d793fc38560cede
                                                                                      • Instruction Fuzzy Hash: D4310AB2D015189BEB18CFAAC9447EDBBF3BF89300F14C1AAD809A7254DB750946CF40
                                                                                      Function 05046C40 Relevance: 4.0, Strings: 3, Instructions: 273COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 228 5046c40 229 5046c9c-5046ca5 228->229 230 5046ca7-5046cbe 229->230 231 5046c7f-5046c89 call 504700f 229->231 232 5046cc4-5046cca 230->232 233 50468b1-50468b7 230->233 234 5046c8f-5046c9b 231->234 232->233 235 50468c0-50468c1 233->235 236 50468b9 233->236 237 5046907-5046908 235->237 236->229 236->231 236->235 236->237 238 50469c0-50469cd 236->238 239 5046901-5046902 236->239 240 5046c42-5046c53 236->240 241 50468c3-50468d0 236->241 242 5046a0d-5046a3c call 5041428 236->242 243 504690d-5046926 236->243 244 5046ace-5046acf 236->244 245 5046a4f-5046a50 236->245 246 504698f-50469ad 236->246 247 5046ad4-5046ae6 236->247 248 5046a55-5046a56 236->248 249 50469d2-50469d8 236->249 250 5046a52-5046a53 236->250 251 50468d2-50468d3 236->251 252 5046b93 236->252 253 5046b13-5046b1c 236->253 254 504695c-504697c 236->254 255 5046a9d-5046abd 236->255 256 5046b9f-5046bae 236->256 257 5046c5f-5046c60 236->257 258 50468d8-50468e4 236->258 259 5046b99-5046b9a 236->259 260 5046c59-5046c5a 236->260 261 5046b5a-5046b80 236->261 262 5046a5b-5046a61 236->262 263 5046c65 236->263 264 5046c28-5046c2c 236->264 265 5046c6b-5046c7a 236->265 266 5046bf5-5046c15 236->266 267 5046935-5046957 236->267 268 5046a77-5046a98 call 5041428 236->268 269 5046bb3-5046be2 call 5041428 236->269 270 5046c3f 236->270 237->253 238->233 239->249 240->260 241->233 242->233 297 5046a42-5046a4a 242->297 243->233 271 5046928-5046930 243->271 244->249 245->262 246->233 273 50469b3-50469bb 246->273 281 5046aed-5046b0e 247->281 282 5046ae8 247->282 248->249 274 50469e1-50469fa 249->274 275 50469da 249->275 250->268 251->249 252->259 283 5046b23-5046b2b 253->283 284 5046b1e 253->284 254->233 272 5046982-504698a 254->272 255->233 280 5046ac3-5046ac9 255->280 256->233 257->249 289 50468e6 258->289 290 50468eb-50468ff 258->290 259->262 260->262 261->233 285 5046b86-5046b8e 261->285 277 5046a63 262->277 278 5046a6a-5046a72 262->278 263->265 264->255 288 5046c32-5046c3a 264->288 265->233 266->233 287 5046c1b-5046c23 266->287 267->233 268->233 269->233 299 5046be8-5046bf0 269->299 270->228 271->233 272->233 273->233 274->233 293 5046a00-5046a08 274->293 275->238 275->240 275->246 275->247 275->253 275->258 275->261 275->263 275->264 275->274 277->240 277->247 277->258 277->278 278->233 280->233 281->233 282->281 283->243 292 5046b31-5046b47 283->292 284->283 285->233 287->233 288->233 289->290 290->233 292->233 298 5046b4d-5046b55 292->298 293->233 297->233 298->233 299->233
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$"$#
                                                                                      • API String ID: 0-2106968986
                                                                                      • Opcode ID: 97503084fca81b27f8c9882650d10ea9f81b4c950b1028977a93519cf310f937
                                                                                      • Instruction ID: 9183948db5b8a0664c7e1693fa0015e1c1f79548da27f20dfa35db12afd3824a
                                                                                      • Opcode Fuzzy Hash: 97503084fca81b27f8c9882650d10ea9f81b4c950b1028977a93519cf310f937
                                                                                      • Instruction Fuzzy Hash: 3CC1C2B4D05208CBEB00CFA9E448BEDB7F6BB4A304F109129D415BB345E7B6A989CF14
                                                                                      Function 04F70D50 Relevance: 3.8, Strings: 3, Instructions: 50COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 301 4f70d50-4f70d9e 305 4f722f6-4f722fd 301->305 306 4f70da4-4f70dac 301->306 307 4f726c3-4f726ca 305->307 308 4f72303-4f7230b 305->308 309 4f70917-4f7091f 306->309 310 4f711d0-4f711df 307->310 311 4f726d0-4f726d7 307->311 312 4f70921-4f70ca2 309->312 313 4f70928-4f71861 309->313 315 4f711e6-4f7120b 310->315 312->309 325 4f70ca8-4f70cb0 312->325 313->309 323 4f71867-4f7186f 313->323 315->309 320 4f71211-4f71219 315->320 320->309 323->309 325->309
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %$7$9
                                                                                      • API String ID: 0-1872426427
                                                                                      • Opcode ID: ac41f2b4e97357ccb15da74f9b2378e1eb6ad80ab7b547decaccea9da7382a6c
                                                                                      • Instruction ID: 00d1d7fe3d8bdd46746fb161e37319c54bca8d182b58220fe6c6df450bb97692
                                                                                      • Opcode Fuzzy Hash: ac41f2b4e97357ccb15da74f9b2378e1eb6ad80ab7b547decaccea9da7382a6c
                                                                                      • Instruction Fuzzy Hash: 8121F470E05229DFEB25DF64E888BADB7B5BF05304F0041AAD40967394DBB86A82DF00
                                                                                      Function 05048E08 Relevance: 2.6, Strings: 2, Instructions: 91COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 326 5048e08-5048e43 328 5048e45 326->328 329 5048e4a-5048e78 326->329 328->329 332 5048e7b-5048e81 329->332 333 5048e83 332->333 334 5048e8a-5048e8b 332->334 335 5048fff-504902e call 5049ba9 333->335 336 5048f8a-5048fa5 333->336 337 5048ec4-5048ed5 333->337 338 5049069-5049098 call 5041428 333->338 334->335 334->336 344 5049034-504904d 335->344 336->332 340 5048fab-5048fb3 336->340 337->332 338->332 343 504909e-50490a6 338->343 340->332 343->332 344->332 345 5049053-504905b 344->345 345->332
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$&
                                                                                      • API String ID: 0-3844837790
                                                                                      • Opcode ID: f9729309436379787cc1cde09cfc7943c415720956b152226845fb2c44161ee3
                                                                                      • Instruction ID: d11440df4f233a7687ec348a4db543c1e6ea07c3aff60017e9d8b58cb459c3c5
                                                                                      • Opcode Fuzzy Hash: f9729309436379787cc1cde09cfc7943c415720956b152226845fb2c44161ee3
                                                                                      • Instruction Fuzzy Hash: 9D41E1B4E046188FEB14CFAAD844BAEBBF2BF89300F00C169D409AB355DB785985CF50
                                                                                      Function 05048E18 Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 347 5048e18-5048e43 348 5048e45 347->348 349 5048e4a-5048e78 347->349 348->349 352 5048e7b-5048e81 349->352 353 5048e83 352->353 354 5048e8a-5048e8b 352->354 355 5048fff-504902e call 5049ba9 353->355 356 5048f8a-5048fa5 353->356 357 5048ec4-5048ed5 353->357 358 5049069-5049098 call 5041428 353->358 354->355 354->356 364 5049034-504904d 355->364 356->352 360 5048fab-5048fb3 356->360 357->352 358->352 363 504909e-50490a6 358->363 360->352 363->352 364->352 365 5049053-504905b 364->365 365->352
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$&
                                                                                      • API String ID: 0-3844837790
                                                                                      • Opcode ID: c90b92cddca99b77a35795ff254086040ad87b0ab2b41b6e74bcdb202d5a8012
                                                                                      • Instruction ID: 9b01f00af1246ea2f8ab9d63b4756daefbd4388ed514b5036f731db2234b1aa0
                                                                                      • Opcode Fuzzy Hash: c90b92cddca99b77a35795ff254086040ad87b0ab2b41b6e74bcdb202d5a8012
                                                                                      • Instruction Fuzzy Hash: A241BEB4E046188FEB14CFAAD844BAEBBF2BF89300F10C569D409AB355DB745985DF50
                                                                                      Function 0504929C Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 653 504929c-50492e4 655 5048ee8-5048f1e 653->655 656 50492ea-50492f2 653->656 657 5048e7b-5048e81 655->657 662 5048f8a-5048fa5 655->662 656->657 659 5048e83 657->659 660 5048e8a-5048e8b 657->660 661 5048fff-504902e call 5049ba9 659->661 659->662 663 5048ec4-5048ed5 659->663 664 5049069-5049098 call 5041428 659->664 660->661 660->662 671 5049034-504904d 661->671 662->657 667 5048fab-5048fb3 662->667 663->657 664->657 670 504909e-50490a6 664->670 667->657 670->657 671->657 672 5049053-504905b 671->672 672->657
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "$&
                                                                                      • API String ID: 0-3882692551
                                                                                      • Opcode ID: ce4d20fac42ea4994898f0f691bb36822aec48d1e9cebaf07c7ab0ea6b4b7112
                                                                                      • Instruction ID: b1dda564f44cf5bcb406bf9c859c735e54e5fc3b513569e170d558c335cec4c4
                                                                                      • Opcode Fuzzy Hash: ce4d20fac42ea4994898f0f691bb36822aec48d1e9cebaf07c7ab0ea6b4b7112
                                                                                      • Instruction Fuzzy Hash: 8231F2B4A05218CFDB10CF99D888BAEBBF2FF89304F118165E405AB354C778A885DF20
                                                                                      Function 05048ED7 Relevance: 2.6, Strings: 2, Instructions: 56COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 695 5048ed7-5048ee6 696 5048f8a-5048fa5 695->696 697 5048e7b-5048e81 695->697 696->697 700 5048fab-5048fb3 696->700 698 5048e83 697->698 699 5048e8a-5048e8b 697->699 698->696 701 5048fff-504902e call 5049ba9 698->701 702 5048ec4-5048ed5 698->702 703 5049069-5049098 call 5041428 698->703 699->696 699->701 700->697 708 5049034-504904d 701->708 702->697 703->697 707 504909e-50490a6 703->707 707->697 708->697 709 5049053-504905b 708->709 709->697
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &$'
                                                                                      • API String ID: 0-2539894669
                                                                                      • Opcode ID: 80132e555af789ee3ae349f2b4fc7d1cb56a172191081555e18b4ef531c3902d
                                                                                      • Instruction ID: 370ca119cedfa1dbf3bbb009b576264279ce2eae0744f85ae0defb5eee7a8d0b
                                                                                      • Opcode Fuzzy Hash: 80132e555af789ee3ae349f2b4fc7d1cb56a172191081555e18b4ef531c3902d
                                                                                      • Instruction Fuzzy Hash: 7121F5B4905218CFDB10CF99D948BADBBF2FF49304F108165D405AB354D7785989CF24
                                                                                      Function 051745DF Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1147 51745df-517467a 1149 51746c3-51746eb 1147->1149 1150 517467c-5174693 1147->1150 1154 5174731-5174787 1149->1154 1155 51746ed-5174701 1149->1155 1150->1149 1153 5174695-517469a 1150->1153 1156 51746bd-51746c0 1153->1156 1157 517469c-51746a6 1153->1157 1163 51747cd-5174862 CreateProcessA 1154->1163 1164 5174789-517479d 1154->1164 1155->1154 1165 5174703-5174708 1155->1165 1156->1149 1158 51746aa-51746b9 1157->1158 1159 51746a8 1157->1159 1158->1158 1162 51746bb 1158->1162 1159->1158 1162->1156 1177 5174864-517486a 1163->1177 1178 517486b-51748e1 1163->1178 1164->1163 1173 517479f-51747a4 1164->1173 1166 517472b-517472e 1165->1166 1167 517470a-5174714 1165->1167 1166->1154 1170 5174716 1167->1170 1171 5174718-5174727 1167->1171 1170->1171 1171->1171 1172 5174729 1171->1172 1172->1166 1175 51747c7-51747ca 1173->1175 1176 51747a6-51747b0 1173->1176 1175->1163 1179 51747b4-51747c3 1176->1179 1180 51747b2 1176->1180 1177->1178 1186 51748e3-51748e7 1178->1186 1187 51748f1-51748f5 1178->1187 1179->1179 1181 51747c5 1179->1181 1180->1179 1181->1175 1186->1187 1190 51748e9 1186->1190 1188 51748f7-51748fb 1187->1188 1189 5174905-5174909 1187->1189 1188->1189 1191 51748fd 1188->1191 1192 517490b-517490f 1189->1192 1193 5174919 1189->1193 1190->1187 1191->1189 1192->1193 1194 5174911 1192->1194 1195 517491a 1193->1195 1194->1193 1195->1195
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0517484F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: d8575cc384aaf4c000f3f9d8b39b1923d293607889b5f39fb2cc51ee4f108698
                                                                                      • Instruction ID: fc40e9a6bab37b53bef1b1dafb061f0334752f971d460fdbaaa12a71d2223aba
                                                                                      • Opcode Fuzzy Hash: d8575cc384aaf4c000f3f9d8b39b1923d293607889b5f39fb2cc51ee4f108698
                                                                                      • Instruction Fuzzy Hash: 7EA1FFB4D0025D9FDF20CFA9C885BEDBBB1BF49304F149169E859A7280DBB48985CF85
                                                                                      Function 051745E8 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1196 51745e8-517467a 1198 51746c3-51746eb 1196->1198 1199 517467c-5174693 1196->1199 1203 5174731-5174787 1198->1203 1204 51746ed-5174701 1198->1204 1199->1198 1202 5174695-517469a 1199->1202 1205 51746bd-51746c0 1202->1205 1206 517469c-51746a6 1202->1206 1212 51747cd-5174862 CreateProcessA 1203->1212 1213 5174789-517479d 1203->1213 1204->1203 1214 5174703-5174708 1204->1214 1205->1198 1207 51746aa-51746b9 1206->1207 1208 51746a8 1206->1208 1207->1207 1211 51746bb 1207->1211 1208->1207 1211->1205 1226 5174864-517486a 1212->1226 1227 517486b-51748e1 1212->1227 1213->1212 1222 517479f-51747a4 1213->1222 1215 517472b-517472e 1214->1215 1216 517470a-5174714 1214->1216 1215->1203 1219 5174716 1216->1219 1220 5174718-5174727 1216->1220 1219->1220 1220->1220 1221 5174729 1220->1221 1221->1215 1224 51747c7-51747ca 1222->1224 1225 51747a6-51747b0 1222->1225 1224->1212 1228 51747b4-51747c3 1225->1228 1229 51747b2 1225->1229 1226->1227 1235 51748e3-51748e7 1227->1235 1236 51748f1-51748f5 1227->1236 1228->1228 1230 51747c5 1228->1230 1229->1228 1230->1224 1235->1236 1239 51748e9 1235->1239 1237 51748f7-51748fb 1236->1237 1238 5174905-5174909 1236->1238 1237->1238 1240 51748fd 1237->1240 1241 517490b-517490f 1238->1241 1242 5174919 1238->1242 1239->1236 1240->1238 1241->1242 1243 5174911 1241->1243 1244 517491a 1242->1244 1243->1242 1244->1244
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0517484F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: d9c65b8ab6f7b8c7da1f7d7c988fe33c153b41cd100ef7b904dfbc077e4365d2
                                                                                      • Instruction ID: b1f8901c83af697a16ade10cb68960e37bd0e775ab6e573e7d8e1c08e53812c2
                                                                                      • Opcode Fuzzy Hash: d9c65b8ab6f7b8c7da1f7d7c988fe33c153b41cd100ef7b904dfbc077e4365d2
                                                                                      • Instruction Fuzzy Hash: 12A10170D0025D9FDF20CFA9C885BEEBBF1BB49304F109169E859A7240DBB48985CF85
                                                                                      Function 05176EF0 Relevance: 1.6, APIs: 1, Instructions: 143memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1558 5176ef0-5176fb2 VirtualAllocEx 1562 5176fb4-5176fba 1558->1562 1563 5176fbb-5177005 1558->1563 1562->1563
                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05176FA2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: 8c7fb16854c86016a7f70fa416964c32067fb7cb046d11fc51b57efc08f236d5
                                                                                      • Instruction ID: ca79ac8bc5f4c6aba89b28c91f520e79f2cb14f3ebf04d46e297a5f03c1d07a2
                                                                                      • Opcode Fuzzy Hash: 8c7fb16854c86016a7f70fa416964c32067fb7cb046d11fc51b57efc08f236d5
                                                                                      • Instruction Fuzzy Hash: C451CFB9D0065DDFCF04CFA9D981AAEBBB1BB49310F10902AE919B7214D734A941CF54
                                                                                      Function 051771C0 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1569 51771c0-5177233 1572 5177235-5177247 1569->1572 1573 517724a-51772ab WriteProcessMemory 1569->1573 1572->1573 1575 51772b4-5177306 1573->1575 1576 51772ad-51772b3 1573->1576 1576->1575
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0517729B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: ffa7e528e8f529d7b3379d82fae469efc299ca50bbec3a1cb0fd1a9a8ad8bbf8
                                                                                      • Instruction ID: c895924262e2acb61ad293bae61913a7e0057bc0acdf6fa33911dcbce8010172
                                                                                      • Opcode Fuzzy Hash: ffa7e528e8f529d7b3379d82fae469efc299ca50bbec3a1cb0fd1a9a8ad8bbf8
                                                                                      • Instruction Fuzzy Hash: 5B41A9B5D012589FDF00CFA9D984AEEBBF1FB49310F24902AE818B7250D775AA45CF64
                                                                                      Function 051771C8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0517729B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: d01f66765f3ea338d8d4a7a502f63d17d9413c94fcaa4bba8efb8174cd2ac4cc
                                                                                      • Instruction ID: 35b41c07a9166fd809aa344ada26fe50e603a28d6815c2f1a785ffaf470d1477
                                                                                      • Opcode Fuzzy Hash: d01f66765f3ea338d8d4a7a502f63d17d9413c94fcaa4bba8efb8174cd2ac4cc
                                                                                      • Instruction Fuzzy Hash: 9541A9B5D012589FDF00CFA9D984AEEBBF1BB49310F24902AE818B7240D774AA41CF64
                                                                                      Function 05176EF8 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05176FA2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: 3ad29d711ad10f88ed5f0d4416b9e1b448d3a2692fb6c94e35156d5658dcbd35
                                                                                      • Instruction ID: d8582d0ef7e3d8305b3044a755f5d09007809893410e49426bd645f71f079f07
                                                                                      • Opcode Fuzzy Hash: 3ad29d711ad10f88ed5f0d4416b9e1b448d3a2692fb6c94e35156d5658dcbd35
                                                                                      • Instruction Fuzzy Hash: 4F3197B9D042589FCF10CFA9D980AAEFBB5BB49310F10A42AE915BB200D775A901CF58
                                                                                      Function 05182FD8 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05183084
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 18e69a781d11cab077e68334b4e64f22e8c7e09cfc7f509567ba2fed1d8526d8
                                                                                      • Instruction ID: e4fe34bb16308daf840c88632fd7df0cf702046d73eac446811bf5b78558d90b
                                                                                      • Opcode Fuzzy Hash: 18e69a781d11cab077e68334b4e64f22e8c7e09cfc7f509567ba2fed1d8526d8
                                                                                      • Instruction Fuzzy Hash: 7631D8B9D042589FCF10CFA9D985AEEFBB0BB08310F24942AE824B7200C779A945CF54
                                                                                      Function 05182FE0 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05183084
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: fb758d3324e231c38c69d523f63d78308d4f3a5adbb921d4ac0fb6754b8d0e50
                                                                                      • Instruction ID: b25c8e006bc9683fac7de96894af16f11716caedc6fe3fc21aa480141048e795
                                                                                      • Opcode Fuzzy Hash: fb758d3324e231c38c69d523f63d78308d4f3a5adbb921d4ac0fb6754b8d0e50
                                                                                      • Instruction Fuzzy Hash: 8F31D8B4D042489FCF10CFAAD980AEEFBB0BB48310F24942AE814B7200C779A944CF54
                                                                                      Function 04D007B9 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04D00864
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 322e6da0a4fbbe0a661c980f951d7e6f450b6df00bb5c5d99a7572cf76d41cf0
                                                                                      • Instruction ID: 09d4c50e6877661c00df31455331ee3ebfb9c1ee0d93cd8c992b3767ad32115e
                                                                                      • Opcode Fuzzy Hash: 322e6da0a4fbbe0a661c980f951d7e6f450b6df00bb5c5d99a7572cf76d41cf0
                                                                                      • Instruction Fuzzy Hash: 3C31C9B8D002499FDF14CFA9D980AEEFBB0BF49310F20942AE814BB200D735A941CF94
                                                                                      Function 04D007C0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04D00864
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 96acf5cc291d48c6003876643223d42dcabd111f82103dea83fc1fcd01dc6d9f
                                                                                      • Instruction ID: a39b38f211d913d93d982689a42e36d023b0e646ec69e67658e78f8d5b1a1a9a
                                                                                      • Opcode Fuzzy Hash: 96acf5cc291d48c6003876643223d42dcabd111f82103dea83fc1fcd01dc6d9f
                                                                                      • Instruction Fuzzy Hash: 5431A9B4D01248AFDF10CFA9D980AAEFBB0BF49310F20942AE814B7210D775A945CF94
                                                                                      Function 051768A1 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 05176957
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      • Opcode ID: 294bef234808b90d211510adfcc93cd713ed73579b454ff29c73db76641502a9
                                                                                      • Instruction ID: e15262e93cd469c8e0df4aec56768668b745ada141c91f48a94b8c864caafe04
                                                                                      • Opcode Fuzzy Hash: 294bef234808b90d211510adfcc93cd713ed73579b454ff29c73db76641502a9
                                                                                      • Instruction Fuzzy Hash: A241CAB5D00259DFDB14CFA9D985AEEBBF1BF48310F24802AE419BB240D778AA45CF54
                                                                                      Function 051768A8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 05176957
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      • Opcode ID: bdaaf07c44c1345c14401c0a7d1ef6ea3b17115894e87dd799dbfb0c3c808587
                                                                                      • Instruction ID: 6c573c5308bebcd6cee826d7a3670559976b26a186b4914b22d0307572f2d25c
                                                                                      • Opcode Fuzzy Hash: bdaaf07c44c1345c14401c0a7d1ef6ea3b17115894e87dd799dbfb0c3c808587
                                                                                      • Instruction Fuzzy Hash: E331CBB4D002589FDB14CFAAD984AAEBBF1BB48310F24802AE419BB240D778A945CF54
                                                                                      Function 0504E540 Relevance: 1.6, Strings: 1, Instructions: 336COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: d
                                                                                      • API String ID: 0-2564639436
                                                                                      • Opcode ID: 51c9b8be9d29e1638edc85c027eb1e8028d0f45f56c8daa797f250ed4b02f7c0
                                                                                      • Instruction ID: 704d5cd996010c584703ea6584b62e99364d11726a5f0ce9b1913ed9614b1903
                                                                                      • Opcode Fuzzy Hash: 51c9b8be9d29e1638edc85c027eb1e8028d0f45f56c8daa797f250ed4b02f7c0
                                                                                      • Instruction Fuzzy Hash: 34D16974600602CFCB14CF28D584A6EBBF6FF88314B258969D55A9B7A1DB30F846CF91
                                                                                      Function 05181F60 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      • Opcode ID: 9550fa2559727618c520fa5e527b09d963a41a181e97fa3da1de02374743747f
                                                                                      • Instruction ID: 9c0908d21bbca766966829e18fe52038e3870577990ab195212d66c9cc1eb543
                                                                                      • Opcode Fuzzy Hash: 9550fa2559727618c520fa5e527b09d963a41a181e97fa3da1de02374743747f
                                                                                      • Instruction Fuzzy Hash: AC31DDB5D012589FDF10CFA9D981AEEBBF1BF48310F14942AE415B7240C778A905CF94
                                                                                      Function 05181F68 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      • Opcode ID: 6c713d828845c097401d46ad95a1817555424476888032875c748504217a1957
                                                                                      • Instruction ID: bbb2841ef1ccc96d2149356dfe57257c363f2f11967468e81033dac536be111c
                                                                                      • Opcode Fuzzy Hash: 6c713d828845c097401d46ad95a1817555424476888032875c748504217a1957
                                                                                      • Instruction Fuzzy Hash: C931EAB5D012189FCF20CFA9D980AAEFBF5BF48310F20942AE815B7200C779A901CF94
                                                                                      Function 0504069B Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: a3a0a3efac827cd9efab8cce242cd5d7d625835d34a4d3b9b51d571aab15f70f
                                                                                      • Instruction ID: c9ffa08b791a3555d28d018a66ca309664e0eb76237617bc406691d31800ff89
                                                                                      • Opcode Fuzzy Hash: a3a0a3efac827cd9efab8cce242cd5d7d625835d34a4d3b9b51d571aab15f70f
                                                                                      • Instruction Fuzzy Hash: 0C716DB4A05228DFDBA1DF68D994B99B7B2BB49300F1081EAE50DA7354DB306E81CF51
                                                                                      Function 05049BA9 Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "
                                                                                      • API String ID: 0-123907689
                                                                                      • Opcode ID: 0908ef5ad1efda8f2d86ba128fae6d812f460b197f68b35beef43be3ea623319
                                                                                      • Instruction ID: b0bd0177ae57cab2a51ed3e12a16f86ea72c92d91b0b471c0d7c0cd137c9472a
                                                                                      • Opcode Fuzzy Hash: 0908ef5ad1efda8f2d86ba128fae6d812f460b197f68b35beef43be3ea623319
                                                                                      • Instruction Fuzzy Hash: F85175B4E04208DFDB04CF99E980AEEBBF6FB89310F10957AE814AB214C7359945CF64
                                                                                      Function 05048F24 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: e40ac161336aed03fb90f44cb54e958c769b0d62720ed2c9479ae264e2bf6adc
                                                                                      • Instruction ID: b4293960baf4d0fcf47ec1652753bfff62b0ff621f04888cca4a5b683ca5aa86
                                                                                      • Opcode Fuzzy Hash: e40ac161336aed03fb90f44cb54e958c769b0d62720ed2c9479ae264e2bf6adc
                                                                                      • Instruction Fuzzy Hash: 5D51D2B4A05218CFDB10CF99E988BADBBF2FF89304F108165E405AB355D778A989CF14
                                                                                      Function 05049064 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 4cd89fa12fb03cc17d87ce985551cbdf1f16f6f1dff32fce51d2db48c4823d19
                                                                                      • Instruction ID: 0c96dcc035e0ded0d0bea363a760038ab2f6f2be02097d468107b7dd5b9f00a8
                                                                                      • Opcode Fuzzy Hash: 4cd89fa12fb03cc17d87ce985551cbdf1f16f6f1dff32fce51d2db48c4823d19
                                                                                      • Instruction Fuzzy Hash: 0551D2B4A05218CFDB10CF99E888BADBBF2FF89304F108165E405AB355D778A985CF14
                                                                                      Function 05048E90 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: df1cec6d429aa16f1028e8d3ce4bafb21d6047b8c703797d6246625b38c53bd6
                                                                                      • Instruction ID: 4ab6261a566d484ff6631f917bdc93a52748c5e79a206b762ff2e74cd68c7d89
                                                                                      • Opcode Fuzzy Hash: df1cec6d429aa16f1028e8d3ce4bafb21d6047b8c703797d6246625b38c53bd6
                                                                                      • Instruction Fuzzy Hash: 6841C1B4909218CFDB10CF99E888BAEBBF2FF89304F109565D405AB365D7789989CF14
                                                                                      Function 04D018F1 Relevance: 1.3, APIs: 1, Instructions: 99memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04D01997
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: 65dee34648d8d0bf7cc1ad5420263ea4a7b757ce0cc7a6dca5d76793b17fde6f
                                                                                      • Instruction ID: 866d89a220640f0dc7a3a22bfe13c37e5c7ee23f5011e1768340c5d7df817fc4
                                                                                      • Opcode Fuzzy Hash: 65dee34648d8d0bf7cc1ad5420263ea4a7b757ce0cc7a6dca5d76793b17fde6f
                                                                                      • Instruction Fuzzy Hash: ED31AAB5D00258DFDF14CFA9D880AAEFBB5BF49310F14942AE814BB210D775A945CF54
                                                                                      Function 04D018F8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04D01997
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: afcd8507894b7576b476ccdf1db1bc0e58b405b5d598dd778cf5859fc3d9fde0
                                                                                      • Instruction ID: 5bdd8078906f66ed1b5b99897f244891489634f4f3b88ba23e64f8c5952ad4c4
                                                                                      • Opcode Fuzzy Hash: afcd8507894b7576b476ccdf1db1bc0e58b405b5d598dd778cf5859fc3d9fde0
                                                                                      • Instruction Fuzzy Hash: 6F31BAB8D00248DFDF10CFA9D880AAEFBB4BF49310F14941AE814B7210D775A941CF54
                                                                                      Function 050490AC Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 9c8c26c72ceed420940a74852a30657dfb9b24722ec5f7de2a2ccbdb656f6089
                                                                                      • Instruction ID: 1a57dab88ccc94f9d5653c58b0912ad2906d1781edc1577fe6c777035d8052ea
                                                                                      • Opcode Fuzzy Hash: 9c8c26c72ceed420940a74852a30657dfb9b24722ec5f7de2a2ccbdb656f6089
                                                                                      • Instruction Fuzzy Hash: A931D2B4A05618CFDB10DF99E884BADBBF2FF89304F108565E405AB364D778A949CF14
                                                                                      Function 0504929F Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 49487fba4682eb0bcae1c01d9344ec83e15910eb3cfaf9a05d0e4c0e46b10f39
                                                                                      • Instruction ID: 1650c19f397c4f3b8c964993095913230fae8936e0c8c06724b5850462b22604
                                                                                      • Opcode Fuzzy Hash: 49487fba4682eb0bcae1c01d9344ec83e15910eb3cfaf9a05d0e4c0e46b10f39
                                                                                      • Instruction Fuzzy Hash: 9A31D2B4A05618CFDB10DF99E884BADBBF2FF89304F108565E405AB364D778A949CF14
                                                                                      Function 05048EE8 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: d7508755ec6eb0d2c7c9cc8ee29f95626766b9ba28ee77800f5ae2bcc2f1698a
                                                                                      • Instruction ID: 4ac77a704663c8e375be6e79de80a9b1e1941ee553353b9631587bb5485fc3a4
                                                                                      • Opcode Fuzzy Hash: d7508755ec6eb0d2c7c9cc8ee29f95626766b9ba28ee77800f5ae2bcc2f1698a
                                                                                      • Instruction Fuzzy Hash: 3E31C5B4A05618CFDB10DF99D888B9DBBF2FF89304F118165E405AB354D778A945DF20
                                                                                      Function 05049386 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 7c224b7c70230894865916cc50f4a47a915e5ab53f0b9b3e4e74df30fcdd3ec1
                                                                                      • Instruction ID: 6b08ebb40fb50875d48602e93cfdc0b65440e11619c19e46b9aa8d131c018455
                                                                                      • Opcode Fuzzy Hash: 7c224b7c70230894865916cc50f4a47a915e5ab53f0b9b3e4e74df30fcdd3ec1
                                                                                      • Instruction Fuzzy Hash: 0631CEB4A05208CFDB10DF99D988BADBBF2BF89304F109169D404AB355D7786985CF24
                                                                                      Function 05049134 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 2038262e868e8ccc66cc4ef1e126598ca9a3b6439d395ec25dd028a0cc70eb53
                                                                                      • Instruction ID: 99b187c7aa4f3a0708cd454bac1ebb77688fedb86de8130a20ff25d6bda28fbd
                                                                                      • Opcode Fuzzy Hash: 2038262e868e8ccc66cc4ef1e126598ca9a3b6439d395ec25dd028a0cc70eb53
                                                                                      • Instruction Fuzzy Hash: C331E3B4A05618CFDB10CF99D588BADBBF2FF88304F108169D409AB355D778A985CF24
                                                                                      Function 050492A4 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 0bd706233cc8cf841d24d530bf9db16c3bab01731cee636c4229443b39ce7679
                                                                                      • Instruction ID: f19b293d236526bb33d35c9d20d8a1e7b706c53f58d783138d0e0e0c35b4b937
                                                                                      • Opcode Fuzzy Hash: 0bd706233cc8cf841d24d530bf9db16c3bab01731cee636c4229443b39ce7679
                                                                                      • Instruction Fuzzy Hash: 7431D5B4A05618CFDB10CF99D988B9DBBF2FF89304F108165D405AB354D778A985DF24
                                                                                      Function 05048FDA Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: b420aafd59ada3df2750722ee3d77288d1be6da62566a884f608464dbc3627e0
                                                                                      • Instruction ID: 4003a7e705f83ea8561a0e4ee97f8f1b2ee490593a9ebe94322d0c8fdee5e4cb
                                                                                      • Opcode Fuzzy Hash: b420aafd59ada3df2750722ee3d77288d1be6da62566a884f608464dbc3627e0
                                                                                      • Instruction Fuzzy Hash: 2F21F4B4A05618CFDB10CF99D988BADBBF2FF89304F108565E405AB354D378A889CF24
                                                                                      Function 05048F29 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 9602aa36aa0d7ade97dd6610506ee304f9d093394a24b42ad1c60a81b7a0df58
                                                                                      • Instruction ID: 7bdec3d7d9eb92dafbafe4ad3a4aa11498d62e9a741e9f5c0a60df34db8869b7
                                                                                      • Opcode Fuzzy Hash: 9602aa36aa0d7ade97dd6610506ee304f9d093394a24b42ad1c60a81b7a0df58
                                                                                      • Instruction Fuzzy Hash: 9F21E4B4A05618CFDB10CF99D948BAEBBF2FF89304F108165D405AB354D7785985CF24
                                                                                      Function 05049061 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &
                                                                                      • API String ID: 0-1010288
                                                                                      • Opcode ID: 6b4f9ecbbf7bc58675cf1a41ad57d97047b8adb4ae1cec0881299f2410e3e57c
                                                                                      • Instruction ID: f3a93fc73d6dbb7454d99975bc6955d87dd3347e718d24a20bfaefdf04fdb7ad
                                                                                      • Opcode Fuzzy Hash: 6b4f9ecbbf7bc58675cf1a41ad57d97047b8adb4ae1cec0881299f2410e3e57c
                                                                                      • Instruction Fuzzy Hash: F721F7B4A05218CFDB10CF99D948BADBBF2FF49304F108565E405AB354D7789985CF24
                                                                                      Function 05318F87 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: +
                                                                                      • API String ID: 0-2126386893
                                                                                      • Opcode ID: 4826d1c31d82f395f81f8f5084e5cc94157b0a1a98722ebc6b673a2a774928d7
                                                                                      • Instruction ID: 6d6bb97b8cdee864b1737a20af228f5a14c95208d6b45ac3ab3617f7a9d4b85c
                                                                                      • Opcode Fuzzy Hash: 4826d1c31d82f395f81f8f5084e5cc94157b0a1a98722ebc6b673a2a774928d7
                                                                                      • Instruction Fuzzy Hash: 61110574A05228CFEB68DF28D885B9AB7B5FB08300F1142E4E409A3349CB346EC58F40
                                                                                      Function 053123D5 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: A
                                                                                      • API String ID: 0-3554254475
                                                                                      • Opcode ID: 28bcaa03c138dce2b87b9440a7cec144e44acfa4e9ba2ed2e30900667c42c6cf
                                                                                      • Instruction ID: 04b412e9b84589b2a78c11295087084ff56ee8f2c7de9515c65821f6e175a343
                                                                                      • Opcode Fuzzy Hash: 28bcaa03c138dce2b87b9440a7cec144e44acfa4e9ba2ed2e30900667c42c6cf
                                                                                      • Instruction Fuzzy Hash: 2A0116B8910229CFDB69DF24E8487E972B5FB44340F1045E9E40EA7245CB786EC4CF54
                                                                                      Function 05045442 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 1
                                                                                      • API String ID: 0-2212294583
                                                                                      • Opcode ID: e75a336514e9d44cc891ee541e74fd0ccb81ca0676b93201b875bcac36771f8a
                                                                                      • Instruction ID: 0d1c2405f2bde895ffb925f5becdec1f87ec23b613ca9b323d6f1b4ae86a610d
                                                                                      • Opcode Fuzzy Hash: e75a336514e9d44cc891ee541e74fd0ccb81ca0676b93201b875bcac36771f8a
                                                                                      • Instruction Fuzzy Hash: ECF0F9B4805328EFDB40DF54F988BAC7BB1FB45305F141169E405A7344D779A844CF04
                                                                                      Function 05044FCD Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P
                                                                                      • API String ID: 0-3110715001
                                                                                      • Opcode ID: 81ed9bf2e13449264b8c16c9f1e766ca883c6f37f64c9bfd14bc915f72bcc20a
                                                                                      • Instruction ID: 5227865de7f297761949f31efbbb63c997b3e1772f74cf05540c1eb22f6559c6
                                                                                      • Opcode Fuzzy Hash: 81ed9bf2e13449264b8c16c9f1e766ca883c6f37f64c9bfd14bc915f72bcc20a
                                                                                      • Instruction Fuzzy Hash: 2FF01CB090122CDFEB90DF54E885FADBBB2FB41311F1091A5E00DAB244CB756D888F44
                                                                                      Function 04F779C0 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8
                                                                                      • API String ID: 0-4194326291
                                                                                      • Opcode ID: 9730af19d2e05088196b009669658e92c304b4eb7c0431166729ab9d7496ef33
                                                                                      • Instruction ID: b7833fab425698a67c916c6705ecfa34cf7316dcea66381f2ef9464644fab5c3
                                                                                      • Opcode Fuzzy Hash: 9730af19d2e05088196b009669658e92c304b4eb7c0431166729ab9d7496ef33
                                                                                      • Instruction Fuzzy Hash: 88F0A474A8022ADFCBA4DF14C884BEABBF0BB09308F1040E6D458A3241DB346E85CF05
                                                                                      Function 05040A98 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: :
                                                                                      • API String ID: 0-336475711
                                                                                      • Opcode ID: 9aec07512daa64fff5c4de235ae10c58fbd8a174c4d1a8b1cd5873cc4aed7ac6
                                                                                      • Instruction ID: 56e148766925546d2f948a9571da0937ca07d7de8d33e56ec297db7d1cb30f84
                                                                                      • Opcode Fuzzy Hash: 9aec07512daa64fff5c4de235ae10c58fbd8a174c4d1a8b1cd5873cc4aed7ac6
                                                                                      • Instruction Fuzzy Hash: 63F08574A09258CFCB01DFA8D89829CBBB0FF0A300F1101EAD948AB342D774188ACF01
                                                                                      Function 05046F0E Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )
                                                                                      • API String ID: 0-2427484129
                                                                                      • Opcode ID: 2bec4498af3e510256eb4c560ef8c51dfba50c6109ec3ce3c4e955dba9f4da52
                                                                                      • Instruction ID: aae4a73a0aa2d559c865c15c803c18a7f57e23cf1839950a3c20d573563e401f
                                                                                      • Opcode Fuzzy Hash: 2bec4498af3e510256eb4c560ef8c51dfba50c6109ec3ce3c4e955dba9f4da52
                                                                                      • Instruction Fuzzy Hash: 26F0C9B4E00218EFCB50CF95E590BADBBF6FB06310F109596E408A7341D7759985CF05
                                                                                      Function 05040195 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8
                                                                                      • API String ID: 0-4194326291
                                                                                      • Opcode ID: 25a5ffdfcb3a44ebb7bdd3b443442112a30bafa133aa32d39076a2eec73b7c08
                                                                                      • Instruction ID: 308363e93ada44c3a01457c8078c5d953c7bafe920c4cc0cd2ea8ad705651124
                                                                                      • Opcode Fuzzy Hash: 25a5ffdfcb3a44ebb7bdd3b443442112a30bafa133aa32d39076a2eec73b7c08
                                                                                      • Instruction Fuzzy Hash: F2E0BFF4619515CBC740DF84F968ABDB7BAE74A341F1190A1E20AAA244CB755C85CF44
                                                                                      Function 05047B29 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /
                                                                                      • API String ID: 0-2043925204
                                                                                      • Opcode ID: e49f612de007b85ec2a17ff35d66a4ec8a96ba6d163b17296bc93d3df88f7764
                                                                                      • Instruction ID: 15ab5ce40e213499b931fdf8ce67a9953a6a833f58f3442500cb61fa3a3b4de3
                                                                                      • Opcode Fuzzy Hash: e49f612de007b85ec2a17ff35d66a4ec8a96ba6d163b17296bc93d3df88f7764
                                                                                      • Instruction Fuzzy Hash: ABE0ECB0508125CFDB10DF58D954BADB7F6EB49301F0140A9A509A3345C734AE418F32
                                                                                      Function 04F71E83 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [
                                                                                      • API String ID: 0-784033777
                                                                                      • Opcode ID: e231e96246134f3711be46aa016ce966e76f5f8a33e7d4f4daa15914ee999e18
                                                                                      • Instruction ID: 88469fa2d4ff61e9d4ac58562b9b001b9cc584fb47b8f7f56c915708400909ac
                                                                                      • Opcode Fuzzy Hash: e231e96246134f3711be46aa016ce966e76f5f8a33e7d4f4daa15914ee999e18
                                                                                      • Instruction Fuzzy Hash: 9ED01774E043188FCB12CF10D840A9DBBB0BF54200F0090C6E80463301DB302F49DF00
                                                                                      Function 05131918 Relevance: .7, Instructions: 677COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9f7417e3f350239ed4dc060009642b718fd4ff2b8a4da2ebc1a866689822a487
                                                                                      • Instruction ID: b943983095ea1f694bd49918dd2202d44cfec0fea378d2d347bfe885d5dd0dbe
                                                                                      • Opcode Fuzzy Hash: 9f7417e3f350239ed4dc060009642b718fd4ff2b8a4da2ebc1a866689822a487
                                                                                      • Instruction Fuzzy Hash: 21520875A002288FDB28DF69C991BADBBF2BF88300F1541D9E509A7351DB349E81CF61
                                                                                      Function 0504BF68 Relevance: .5, Instructions: 534COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6052352db856a94062efe032ebcc80a428f521c026f85ef0f831e7bdc4f9895a
                                                                                      • Instruction ID: 91dacd8ce2c9e42e2146be1cdfecf6789fef22938ed40b7d52605b0be7676176
                                                                                      • Opcode Fuzzy Hash: 6052352db856a94062efe032ebcc80a428f521c026f85ef0f831e7bdc4f9895a
                                                                                      • Instruction Fuzzy Hash: 5E228D75A002149FDB14DFA8E494A6EBBF2FF88300F148569E906AB365CB75ED41CF90
                                                                                      Function 0504EE88 Relevance: .5, Instructions: 479COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73316f44fcc284cd9babc441e25f9e6857d7fc33bc130e98c4c6df05cab93312
                                                                                      • Instruction ID: 28724c686d8dffffa63e03fb430865022603dc81f1be80d2d0c471c4cc456af7
                                                                                      • Opcode Fuzzy Hash: 73316f44fcc284cd9babc441e25f9e6857d7fc33bc130e98c4c6df05cab93312
                                                                                      • Instruction Fuzzy Hash: 39125A70A00205DFDB64DFA4E884A6EBBF6FF88300F248569E50A9B755DB35AC46CF50
                                                                                      Function 05134928 Relevance: .4, Instructions: 437COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23a4080efece38b6fbed65b3c0644d688e37295f7d74e3c1a6650b89bb733717
                                                                                      • Instruction ID: be635928b898c254ed21c5f3aae5a2aecc8aff106e5c51213ddc0b7aabddd11e
                                                                                      • Opcode Fuzzy Hash: 23a4080efece38b6fbed65b3c0644d688e37295f7d74e3c1a6650b89bb733717
                                                                                      • Instruction Fuzzy Hash: AA12F934B102198FCB14EF64C899B9DBBB2BF89300F5185A8D50AAB365DF74AD85CF40
                                                                                      Function 05130A38 Relevance: .4, Instructions: 370COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 74decf2c91748efa8120be7bf671389a2267b0564511855b3849dd7b886cf22d
                                                                                      • Instruction ID: 81a585b0c1554a59c65d388d180a280103ccaf53cb6516a447b3935afed29a66
                                                                                      • Opcode Fuzzy Hash: 74decf2c91748efa8120be7bf671389a2267b0564511855b3849dd7b886cf22d
                                                                                      • Instruction Fuzzy Hash: 8AF1CC34B10218CFCB14DFA4D9A9A9DBBB2FF89301F558158E806AB365DB75EC42CB40
                                                                                      Function 04D24210 Relevance: .4, Instructions: 362COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337571655.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d20000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 13f2149ba751d6bddc19f9faac54a47a2b7804bd85f01584543b46943362f09d
                                                                                      • Instruction ID: eb09d80b6cc7cb8aba7d97e280e35c002e69c45e7c434e4e9d41ea253b3693b2
                                                                                      • Opcode Fuzzy Hash: 13f2149ba751d6bddc19f9faac54a47a2b7804bd85f01584543b46943362f09d
                                                                                      • Instruction Fuzzy Hash: C1F1DA34E01218DFCB14DFA4E5986ADBBB2FF59316F204569E805A7391DB74AD81CF01
                                                                                      Function 05135020 Relevance: .4, Instructions: 358COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 71e2adb9932d548282adde8857fe980a9dd2cabd3fa03b384db79b73ebdad28b
                                                                                      • Instruction ID: 9c703525cdc4790d4145c225360eb3b6f54f1c4d67db8cd33a4166044c65950e
                                                                                      • Opcode Fuzzy Hash: 71e2adb9932d548282adde8857fe980a9dd2cabd3fa03b384db79b73ebdad28b
                                                                                      • Instruction Fuzzy Hash: D6E12134B00209DFCB14EF64D4959ADBBB2FF89710F118569E806AB365DF34AD42CB90
                                                                                      Function 05133C21 Relevance: .3, Instructions: 343COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07132cbd4212ffccf592f79bc0b090aa03e2929a2db7aa81fb0cdc308a8c67ce
                                                                                      • Instruction ID: 4cb836ea9515f2d1bd140f65042fac9b809d8f713dc789258985b8959319039b
                                                                                      • Opcode Fuzzy Hash: 07132cbd4212ffccf592f79bc0b090aa03e2929a2db7aa81fb0cdc308a8c67ce
                                                                                      • Instruction Fuzzy Hash: 5BB1A176600515EFCB0A8F94D958D95BBB2FF4D310B0A81D4E6096F232C772E9A1EF81
                                                                                      Function 05131908 Relevance: .3, Instructions: 287COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c3dd2a352963d8cf2578d4f6739ffdd75f3c264d241fead5f4d9d1b29ee5d040
                                                                                      • Instruction ID: faadf9a35449fc955ac7ff6153d8bd651510c403a9f54373affd5638d60460bf
                                                                                      • Opcode Fuzzy Hash: c3dd2a352963d8cf2578d4f6739ffdd75f3c264d241fead5f4d9d1b29ee5d040
                                                                                      • Instruction Fuzzy Hash: 00C16D74A00228DFDB18DBA8C955BDDBBF6BF88700F158099E509AB391CB749D81CF61
                                                                                      Function 051355B0 Relevance: .3, Instructions: 277COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8559774e82a7c5f18c003c2605add808f33d0e5d0f561a65dde0d2d8e2794ede
                                                                                      • Instruction ID: 055c3e1d80b8d88508726e20e8f5d32feec9225d94db2583fe71da87a780f9b1
                                                                                      • Opcode Fuzzy Hash: 8559774e82a7c5f18c003c2605add808f33d0e5d0f561a65dde0d2d8e2794ede
                                                                                      • Instruction Fuzzy Hash: 47A190757042009FD7159F64D8A5F2A7BB3FF89710F1585A9E6068B3A2CB36EC02CB90
                                                                                      Function 04F738F8 Relevance: .3, Instructions: 270COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 32a52fc462ff5def6c228162fb0f0934e38dd0f8122558097de2c45bfd33cc05
                                                                                      • Instruction ID: 1ff0df57ba5e364a430d6d0c3a7b3bc50033e98a6ae889543885a5eb63b867eb
                                                                                      • Opcode Fuzzy Hash: 32a52fc462ff5def6c228162fb0f0934e38dd0f8122558097de2c45bfd33cc05
                                                                                      • Instruction Fuzzy Hash: 73C11370E05219DFDB14DFA9D4446EEBBF2FB49300F10912AE809A7345DB78A982EF51
                                                                                      Function 04F738E8 Relevance: .3, Instructions: 258COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7ed2196a863cd6e6298ca365ab0a2dca768c1973267a6d672ad982d47f4f5e7
                                                                                      • Instruction ID: ce0af7d4a8d0ec761c7d4921690b23f4dd3c3446023539669350c39d639e837c
                                                                                      • Opcode Fuzzy Hash: d7ed2196a863cd6e6298ca365ab0a2dca768c1973267a6d672ad982d47f4f5e7
                                                                                      • Instruction Fuzzy Hash: CEB113B0E05219DFDB14DFA9D4446EEBBF2FB49300F10802AE849A7345E7786986EF51
                                                                                      Function 0504D3F1 Relevance: .2, Instructions: 238COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 059a4fef1032ea216d1537148cd469d65c97c2645c524a801f55205e07c06c03
                                                                                      • Instruction ID: 72377c14a0c33ce139a439025ec65a066c40e9aeb6e6146e0c73a527a3d13741
                                                                                      • Opcode Fuzzy Hash: 059a4fef1032ea216d1537148cd469d65c97c2645c524a801f55205e07c06c03
                                                                                      • Instruction Fuzzy Hash: 79910376A00614CFCB15DF68D584A9EBBF6FF89310B1585AAE8069B361DB30ED42CF50
                                                                                      Function 05134919 Relevance: .2, Instructions: 235COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59153e975d5c8607c9a7caf37b6a5ddb22b0983b67deb3c174b22a33359bf420
                                                                                      • Instruction ID: 448df5efee1bc565791490fbc15b73ed86a6e29adda1575859cdb42165e94511
                                                                                      • Opcode Fuzzy Hash: 59153e975d5c8607c9a7caf37b6a5ddb22b0983b67deb3c174b22a33359bf420
                                                                                      • Instruction Fuzzy Hash: 0EA1FA34B002158FDB14DF24C899B9DBBB2BF89300F5585A8E54AAB3A5DF74AD85CF40
                                                                                      Function 04D23EE8 Relevance: .2, Instructions: 231COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337571655.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d20000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 928103381bd5b49ca3d3409076dace1b3a920c55eb0656bab49923325da6a48e
                                                                                      • Instruction ID: ab74b619e40c7ace00d5a9e39369b54300e784eb5ad06acb769a54815f8f25ee
                                                                                      • Opcode Fuzzy Hash: 928103381bd5b49ca3d3409076dace1b3a920c55eb0656bab49923325da6a48e
                                                                                      • Instruction Fuzzy Hash: 16A1F674E00229CFDB19DFA4D5596ADBBB2FF98305F10812AE81677350DB39A982CF50
                                                                                      Function 051358D0 Relevance: .2, Instructions: 231COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 32af2ffe17ab5e15246c900326415b51b30ce71e619fb2f0886517f36439bbec
                                                                                      • Instruction ID: f87f8b7f922e168e90028a91376dca8d1ca468f9eb9f2795f08db6aea430ba37
                                                                                      • Opcode Fuzzy Hash: 32af2ffe17ab5e15246c900326415b51b30ce71e619fb2f0886517f36439bbec
                                                                                      • Instruction Fuzzy Hash: A2914B34B102148FCB14DF68D4A9A6DBBF6FF89710F1541A9E406DB3A6DB34AC42CB90
                                                                                      Function 05130A29 Relevance: .2, Instructions: 224COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 28ee522defc59f827b7ef507aeea9d0fc813c8f4d41c765501856ec5c0ee1b00
                                                                                      • Instruction ID: a498943540a5a3efeb31d91feb4680bf6d97300c716a7f2cc90e525fa43c2f4a
                                                                                      • Opcode Fuzzy Hash: 28ee522defc59f827b7ef507aeea9d0fc813c8f4d41c765501856ec5c0ee1b00
                                                                                      • Instruction Fuzzy Hash: E6A1BB34B10218DFCB14DFA4D8A9A9DBBF6FF89301F558159E806AB365DB34AC42CB50
                                                                                      Function 0515CE38 Relevance: .2, Instructions: 217COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53bcf2a4f5b7c1bad6ae805ef615db49514e7a1ba9ad9200b487a661767dbca7
                                                                                      • Instruction ID: c9c795f2f0360975c2b61e1de1a1ba98197af3b5e411b4e96765b53bb556fdcd
                                                                                      • Opcode Fuzzy Hash: 53bcf2a4f5b7c1bad6ae805ef615db49514e7a1ba9ad9200b487a661767dbca7
                                                                                      • Instruction Fuzzy Hash: E6813A35B01304CFDB15DF64E559AADBBF2FB88211F244469E912A7390CB39DD42CB90
                                                                                      Function 05139D20 Relevance: .2, Instructions: 216COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c1697c02523b442b189298240b3aa54902f867cfdb65db0d7465e6a574af9e8
                                                                                      • Instruction ID: 883cd3bf48247125a36c9535a381059d20ba58f3a99a4e51a4e1e9e175792011
                                                                                      • Opcode Fuzzy Hash: 6c1697c02523b442b189298240b3aa54902f867cfdb65db0d7465e6a574af9e8
                                                                                      • Instruction Fuzzy Hash: 2571AA31F046098FDB14DFA9D4916AEBBF2BFC8300F248569D00AA7345DB74AE02CB51
                                                                                      Function 050462EF Relevance: .2, Instructions: 193COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 17a5b1450962e2d3d9086682d0d194ca4fda6d7a766e0a068c1480292f50e7aa
                                                                                      • Instruction ID: 1150c3a110db02b2d622b6c6b0b050601639d88ce853d704936c0d51b2dd8670
                                                                                      • Opcode Fuzzy Hash: 17a5b1450962e2d3d9086682d0d194ca4fda6d7a766e0a068c1480292f50e7aa
                                                                                      • Instruction Fuzzy Hash: 70519CF35492805BC7018B68FDDD6DD7FB0EF43224B1B8596D880CB213E21A960B8F55
                                                                                      Function 05137538 Relevance: .2, Instructions: 188COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 332aaf242d3e2a438544baa4d303088847c4c9f58ffb24655c2985afb962e052
                                                                                      • Instruction ID: e11d5b75e8e7759a5b076c1e8a6325cd78fda75795e27bd3a028b88035da1fa2
                                                                                      • Opcode Fuzzy Hash: 332aaf242d3e2a438544baa4d303088847c4c9f58ffb24655c2985afb962e052
                                                                                      • Instruction Fuzzy Hash: 7A718F34B00614CFDB14EB64C0A9AAEB7F2FF88700F508569D406AB3A5DF74AD46CB91
                                                                                      Function 051377E0 Relevance: .2, Instructions: 188COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc758cf3044bb24db796a8c00afb75f5b024778dff8301e3ab67262a8ef0f827
                                                                                      • Instruction ID: b17aad656cbcff1f1a1ee82479272a4b3993901bd93599dbc46715982dd83cf2
                                                                                      • Opcode Fuzzy Hash: dc758cf3044bb24db796a8c00afb75f5b024778dff8301e3ab67262a8ef0f827
                                                                                      • Instruction Fuzzy Hash: 01510476A00515EFCB0ACF94D954D98BBB2FF49320B0641D4E609AB272D732EA61EF40
                                                                                      Function 0513D818 Relevance: .2, Instructions: 180COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5f18ee21400c7b8e28d62091d5c872635df53323ca1f46cc3032faaf7b138a71
                                                                                      • Instruction ID: f02bbcd206932f44573842d97bdf6d48e2b51b70207ebfd22fce3713e212e48e
                                                                                      • Opcode Fuzzy Hash: 5f18ee21400c7b8e28d62091d5c872635df53323ca1f46cc3032faaf7b138a71
                                                                                      • Instruction Fuzzy Hash: 0C711474D09208CFDB24DFA9E455BADBBF2FB49300F21906AD41AA7395EB746985CF00
                                                                                      Function 0513D808 Relevance: .2, Instructions: 178COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 678c1019c23cdacab8df349a59d4a677e8492d87624b0e384223d73700aa2f96
                                                                                      • Instruction ID: 2eab000009904044e8097c423f6833c7c768ee6cbb1a7fa47c26bdf8bd006144
                                                                                      • Opcode Fuzzy Hash: 678c1019c23cdacab8df349a59d4a677e8492d87624b0e384223d73700aa2f96
                                                                                      • Instruction Fuzzy Hash: B0711574D09208CFDB24DFA9E455BADBBF2FB49300F21906AD41AA7395EB746985CF00
                                                                                      Function 0515F998 Relevance: .2, Instructions: 173COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf263d794026e634da10b0d9154dc2ce6617bec3187cfbf680ccc455669263f4
                                                                                      • Instruction ID: 842c159ac882a5e8e0645bb343f506a35b11ab22572bf4fb0ca0201bf1472da2
                                                                                      • Opcode Fuzzy Hash: cf263d794026e634da10b0d9154dc2ce6617bec3187cfbf680ccc455669263f4
                                                                                      • Instruction Fuzzy Hash: 5D5169307002008FD729AF64D49462E77E2EFC9655B2448ADE9069B3A5DF38EC06CBA4
                                                                                      Function 051358C0 Relevance: .2, Instructions: 165COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7876a0163912bd1cfdd5da0076f90b6e287076d277b7212710c66605670ad0e5
                                                                                      • Instruction ID: 33582b46ae04a60c43a53ff7a3275ea15672e41bc5d8eff4e75900672ec0aa1f
                                                                                      • Opcode Fuzzy Hash: 7876a0163912bd1cfdd5da0076f90b6e287076d277b7212710c66605670ad0e5
                                                                                      • Instruction Fuzzy Hash: 00611A34B10214DFCB14DF68C4A9A6DBBF6FF88710F1581A9E406AB361DB34AD42CB90
                                                                                      Function 0532DD38 Relevance: .2, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 15fd884d34bdd111901975e06f84e841ffadf99298191ddf9a15c0ea1b012e7a
                                                                                      • Instruction ID: bb2b08c3d599f74f425408d4d70b8e6311747b0fc38df774b9be24dfdd901aec
                                                                                      • Opcode Fuzzy Hash: 15fd884d34bdd111901975e06f84e841ffadf99298191ddf9a15c0ea1b012e7a
                                                                                      • Instruction Fuzzy Hash: 7C6105B0E05A19DFDB04EFA8E488AADBBB6FF49300F105429E106A7754C7746D86CB51
                                                                                      Function 05156DB8 Relevance: .2, Instructions: 162COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69449959f61f74a349563cadbbc7722012a89cc3322b18c5d488187e10068d45
                                                                                      • Instruction ID: ba7317ef7a746004db2aeabeb37d872b97c5293d64dfca9158f8d92823a9e3c7
                                                                                      • Opcode Fuzzy Hash: 69449959f61f74a349563cadbbc7722012a89cc3322b18c5d488187e10068d45
                                                                                      • Instruction Fuzzy Hash: 99710974E05618CFDB14EFA9D495A9DBBF2FB89300F20816AE819A7349DB346D41CF40
                                                                                      Function 05132E08 Relevance: .2, Instructions: 159COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e04c8ed5cd6c9325078fd6f82bd0f90d4fa1435eb5625cd5a5428963a2f612c2
                                                                                      • Instruction ID: 9b42dc6d6485b6a99829ea3550df6a947a885c58d09bf8210294e348d74c1586
                                                                                      • Opcode Fuzzy Hash: e04c8ed5cd6c9325078fd6f82bd0f90d4fa1435eb5625cd5a5428963a2f612c2
                                                                                      • Instruction Fuzzy Hash: 3251B0353042144FDB18AF388865B6E3BE6EFC96117194069E41ADB3A2DF38DC42CB60
                                                                                      Function 0515C6C8 Relevance: .2, Instructions: 155COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0704443238b977b6ae2b3efc7c3baa8c82d863d5bf93d09dd5f3b8234c9abe21
                                                                                      • Instruction ID: 5c517eac29e6c16fb2783b4f996b0814a83ebe9f5f7dc580d0ea75eb0247ceb8
                                                                                      • Opcode Fuzzy Hash: 0704443238b977b6ae2b3efc7c3baa8c82d863d5bf93d09dd5f3b8234c9abe21
                                                                                      • Instruction Fuzzy Hash: CF51D031A04316CFCB11DF68D894A6AFBB5FF86324B158296E925DB241D734EC42CBD0
                                                                                      Function 0515D5A0 Relevance: .2, Instructions: 153COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8947dc9a7f63f75f49ab6dc21904cdcdb24ebaeece04e85e5972c49ce1d2d0ef
                                                                                      • Instruction ID: 8b82282727c00350fdd54873e94ad51ee69dfdf856a2182b9156054ecea454b7
                                                                                      • Opcode Fuzzy Hash: 8947dc9a7f63f75f49ab6dc21904cdcdb24ebaeece04e85e5972c49ce1d2d0ef
                                                                                      • Instruction Fuzzy Hash: 68516A35700115CFCB04EF69D890A6EBBE6FF88321B158169EA05DB365CB31ED06CBA1
                                                                                      Function 05042A80 Relevance: .2, Instructions: 150COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 376207f313b2713be040368b57cfad943041f9f053e7eb996b39707f4b7ab5a7
                                                                                      • Instruction ID: abff8beb8466f2548e57d11ab5f63d2e4384d6f50aa9449547c01fec9d71feef
                                                                                      • Opcode Fuzzy Hash: 376207f313b2713be040368b57cfad943041f9f053e7eb996b39707f4b7ab5a7
                                                                                      • Instruction Fuzzy Hash: A151E6B8E0520ADFDB14CF95E445BAEBBF2FB89300F109029E909A7354D7745A85CF91
                                                                                      Function 05042A71 Relevance: .1, Instructions: 149COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5f36d72323f25124120986608a0786566c5177371dc5b90d7102aade4ca5b563
                                                                                      • Instruction ID: 16151957b237f1bd2aac04dbc49bdf2259ca40ddf14d10730b66333fc54b8ab0
                                                                                      • Opcode Fuzzy Hash: 5f36d72323f25124120986608a0786566c5177371dc5b90d7102aade4ca5b563
                                                                                      • Instruction Fuzzy Hash: E851F3B8E0520ADFDB14CF99E484BAEBBF2FB89300F108069E905A7354D7745A85CF91
                                                                                      Function 0515B710 Relevance: .1, Instructions: 149COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 649763e6017907f6aec458432fe4375914319a67947d74d7ea20b6c03798ca94
                                                                                      • Instruction ID: e36f99c9f290e8cca708b78382d1465ab7d7467f29b2681afe58c2cc28a04e60
                                                                                      • Opcode Fuzzy Hash: 649763e6017907f6aec458432fe4375914319a67947d74d7ea20b6c03798ca94
                                                                                      • Instruction Fuzzy Hash: 1B513876600100EFCB469FA8D905D29BBF3FF8D31471A8098E2099B276DB32DC22DB50
                                                                                      Function 05156DA8 Relevance: .1, Instructions: 149COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 01414ad15e38db7f8e980acfab70c74a46b267bdf76ace0cf6cc75336c26715a
                                                                                      • Instruction ID: 72de647bc984de3cb64745e610e5b6452b6b64995d0d75e244a7cbf9682c2cf3
                                                                                      • Opcode Fuzzy Hash: 01414ad15e38db7f8e980acfab70c74a46b267bdf76ace0cf6cc75336c26715a
                                                                                      • Instruction Fuzzy Hash: BD611974E01618CFDB14EFA9D49569DBBF2FB89300F20816AE819A7349DB346D82CF50
                                                                                      Function 0504CF7A Relevance: .1, Instructions: 145COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c5931cd419b5362c78664185c6f88e75d7f27d6e3dfd2c0100db94864f985b3c
                                                                                      • Instruction ID: bbfc35b17bfdeb76f7d96cf6621a74afbc8982849b69778e18d3f2ff03acaaf3
                                                                                      • Opcode Fuzzy Hash: c5931cd419b5362c78664185c6f88e75d7f27d6e3dfd2c0100db94864f985b3c
                                                                                      • Instruction Fuzzy Hash: A5415B313006058BEB189F69E8557AE7BE2BBC4745F548169E906CB391CF39DC42CBA0
                                                                                      Function 05137388 Relevance: .1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2bc7b5cf52ed3c58873164c462708e05e67eefb3406cb9af2d9366aa2a3ca7f
                                                                                      • Instruction ID: 317d3d1a7752d593de51a9fb103abf27c63d35f175bdf1e699a1832575937132
                                                                                      • Opcode Fuzzy Hash: b2bc7b5cf52ed3c58873164c462708e05e67eefb3406cb9af2d9366aa2a3ca7f
                                                                                      • Instruction Fuzzy Hash: 2941F2757042508FD705AB38C865A6E7BF2FFC9610B1581AAD006CB3A2CB34ED06C791
                                                                                      Function 0532FC68 Relevance: .1, Instructions: 142COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9358f82b3064c3c6ba0990b7a0346bfa45d39183b6d752d55131dcee349cb0ad
                                                                                      • Instruction ID: fd84859ba17c6eeae0ffbe84de1c6cd0597f7f782ec6aa083803b771d0027d20
                                                                                      • Opcode Fuzzy Hash: 9358f82b3064c3c6ba0990b7a0346bfa45d39183b6d752d55131dcee349cb0ad
                                                                                      • Instruction Fuzzy Hash: 7D517A78E15518DFDB04EFA9E445AADBBF2FB88300F10D169D409A7398DB786941CF50
                                                                                      Function 051346E8 Relevance: .1, Instructions: 134COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c74a63e02087ffcf86b8a78ea985dc5a666e39817a1d41a5ecaca310c2704bb1
                                                                                      • Instruction ID: 04422db6e4a535521c3b226d64e1d735d5450f5725b434d7b8aae41226f71d8f
                                                                                      • Opcode Fuzzy Hash: c74a63e02087ffcf86b8a78ea985dc5a666e39817a1d41a5ecaca310c2704bb1
                                                                                      • Instruction Fuzzy Hash: 25416D34B106148FCB14AB68D8ADA6EB7FBAFC9700F10416DD406AB395CF74AD46CB91
                                                                                      Function 05138D40 Relevance: .1, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 027a2dfc7d290f90553e0fb4438a5404021334cb29f3046f724becaaa3616196
                                                                                      • Instruction ID: 26a3a1540c4793eb9c388ffa1a4524b23fee5df998f78836c3d237f3ac63ff86
                                                                                      • Opcode Fuzzy Hash: 027a2dfc7d290f90553e0fb4438a5404021334cb29f3046f724becaaa3616196
                                                                                      • Instruction Fuzzy Hash: C2412535B05305AFCB25CFA8C85579DBBF2FF89710F14456AE14AEB290DB30A906CB50
                                                                                      Function 05138BF8 Relevance: .1, Instructions: 115COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c314c87c8ab601e25b86355aef053cee9fda75e9f19efc1ea614e88b6d5ebbc
                                                                                      • Instruction ID: 650c1c479da506d2e146915bd5627aab9c8d319cfb9c5d7796d9dc0a15b561fb
                                                                                      • Opcode Fuzzy Hash: 5c314c87c8ab601e25b86355aef053cee9fda75e9f19efc1ea614e88b6d5ebbc
                                                                                      • Instruction Fuzzy Hash: F9419A31A01B04AFCB25CF69C458AAEBBF2BF88300F188959E58697B60D730E904CF50
                                                                                      Function 05135BBF Relevance: .1, Instructions: 110COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb51f3ea3763f9722880823dfa89e62ba7239691cadbb217a995527fb2a88a45
                                                                                      • Instruction ID: 7c60b7b8a9ffeddd767eebf505fa84611cc4d21ee418d9aa50072e4a1fd4c52a
                                                                                      • Opcode Fuzzy Hash: cb51f3ea3763f9722880823dfa89e62ba7239691cadbb217a995527fb2a88a45
                                                                                      • Instruction Fuzzy Hash: 88418235A002189FDF04DFA4D866AEEBBB6FF88711F118065D802BB3A1DB345D45CBA0
                                                                                      Function 0515C492 Relevance: .1, Instructions: 105COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 517c6df06db039f7789d9b075c6fb9a8c8ec8640feea4153bfc86b83dd16f3ba
                                                                                      • Instruction ID: 2c765127fc1496cab09f151505874def8dcf916597bb63e11fb0342ebda7f77f
                                                                                      • Opcode Fuzzy Hash: 517c6df06db039f7789d9b075c6fb9a8c8ec8640feea4153bfc86b83dd16f3ba
                                                                                      • Instruction Fuzzy Hash: E2317C75B11209DFCB14CFA8E988A9EBBB6FB88324F104169E911E7360DB70DD05CB90
                                                                                      Function 051331F0 Relevance: .1, Instructions: 103COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef875a946f2d52b9cb411ddab8f4bd99628d1f5dbfa256c8528265b8a3a8f245
                                                                                      • Instruction ID: a7d1205a4784eb7f4afec07d11085029dcf2fd3a04b94dee0e6574d60904bb85
                                                                                      • Opcode Fuzzy Hash: ef875a946f2d52b9cb411ddab8f4bd99628d1f5dbfa256c8528265b8a3a8f245
                                                                                      • Instruction Fuzzy Hash: 273106366105049FCB09DF99D899EA9BBB2FF49320F1680A8F5099B372C731ED55DB40
                                                                                      Function 05130608 Relevance: .1, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7952e1f5cf840cba64fc787c89e82792bf7612f5dafaf756d25126ae4786e0d5
                                                                                      • Instruction ID: c7b6b227311dcbdc13f29c4c61267cd4cd6eb6e70770fb0618341f823a60428f
                                                                                      • Opcode Fuzzy Hash: 7952e1f5cf840cba64fc787c89e82792bf7612f5dafaf756d25126ae4786e0d5
                                                                                      • Instruction Fuzzy Hash: 6A315234B106099FCB18AB64E469B6EBBB6FFC8711F108019F506973A4DF745942CF91
                                                                                      Function 05136950 Relevance: .1, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c15e9031d6f6c05e087c90017d2c5990880bfe1ea008fd147e04c723fc03c5b3
                                                                                      • Instruction ID: e1f01f41f8b9a64502860e1a10048e58d555099eaf28a29c4b6fc4191c597d00
                                                                                      • Opcode Fuzzy Hash: c15e9031d6f6c05e087c90017d2c5990880bfe1ea008fd147e04c723fc03c5b3
                                                                                      • Instruction Fuzzy Hash: BE31C471E047458FC702DB74C4995DDBFB1EF4A300B154197D445EB362EB345A0ACBA2
                                                                                      Function 05042460 Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb1f7b7212004a0772778fa02ec7b025579efacf2a322f26443b9ea54d6cbc9a
                                                                                      • Instruction ID: 0b7936378d7a3369727456345890e3fcd964346ee5b4a34c3e7761ddb5172222
                                                                                      • Opcode Fuzzy Hash: cb1f7b7212004a0772778fa02ec7b025579efacf2a322f26443b9ea54d6cbc9a
                                                                                      • Instruction Fuzzy Hash: D04103B8E052099BDB04CF99E844BEEBBF6FB88310F108025E819B7354D7745A44CF60
                                                                                      Function 0515D2E8 Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: df0f31e19011e37023a2387046aacbc0e135ee4a2c2e4141f17b50ac8d23eb3a
                                                                                      • Instruction ID: ac6ac2b1469d75edf18a5d0685eacb649c002bc251e1f616f0d2faffee4e660f
                                                                                      • Opcode Fuzzy Hash: df0f31e19011e37023a2387046aacbc0e135ee4a2c2e4141f17b50ac8d23eb3a
                                                                                      • Instruction Fuzzy Hash: 8041E270A00616CFCB54DFA5D844ABFBBB1FF89311F008429D921D7254D774EA05CB90
                                                                                      Function 0513DEE0 Relevance: .1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 784d2a7e7e30aeb4b87b3d07eeb097014f2572bba495cb796e1b2b658679e144
                                                                                      • Instruction ID: ed1d4f808959696cdcef079ee40c4cb58ce65ad8bb999f681eac4654cd0537ca
                                                                                      • Opcode Fuzzy Hash: 784d2a7e7e30aeb4b87b3d07eeb097014f2572bba495cb796e1b2b658679e144
                                                                                      • Instruction Fuzzy Hash: 2341F4B4E056099FCB04CFA8E491AEEBBF6FF48340F11806AE905A7364D774A945CF50
                                                                                      Function 05042450 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 663500d3fe1aed05faa6f92b19083b6801df7ab91cae771e3f7fce4a0ddf94ba
                                                                                      • Instruction ID: faed681ffe8197f9b07a48c012bba644b275a3a5990febb3496ab6c88ade7cd9
                                                                                      • Opcode Fuzzy Hash: 663500d3fe1aed05faa6f92b19083b6801df7ab91cae771e3f7fce4a0ddf94ba
                                                                                      • Instruction Fuzzy Hash: F83102B8E0521ACFDB04CFA9E5406EEBBF6FB89310F10807AE819A7255D7745A45CF50
                                                                                      Function 05157AE1 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b6e2080fd8c3f5eef20ca89a574eff485391ca5c7e15c1bcc01e61eb4e9e7fe
                                                                                      • Instruction ID: ac5a9d36442d7cb05603e9a3c67ab8083013158e55e221c743147d4f79c1746c
                                                                                      • Opcode Fuzzy Hash: 0b6e2080fd8c3f5eef20ca89a574eff485391ca5c7e15c1bcc01e61eb4e9e7fe
                                                                                      • Instruction Fuzzy Hash: EA31F474E05208DBDB04DFA9D845BEEBBF2FB88350F10902AD819A7295D7755A84CF90
                                                                                      Function 0513DEF0 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cfa9049b2c05b0036cc9555e0e8f9c9f5a4150a8663a9d2d73d082886b0a6686
                                                                                      • Instruction ID: b48ab231823e52ad2281e52dfa88f59904bc807c3725be224dcc45fa89414701
                                                                                      • Opcode Fuzzy Hash: cfa9049b2c05b0036cc9555e0e8f9c9f5a4150a8663a9d2d73d082886b0a6686
                                                                                      • Instruction Fuzzy Hash: 2141E574E056099FCB04DF98D495AEEBBF6FB48300F10806AE905A7354DB74AD41CF90
                                                                                      Function 0513E208 Relevance: .1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aa7ee34dea16e5d01b1b1afa67336dd6eced5b6906ada414d4856c1e51d1a41e
                                                                                      • Instruction ID: f23fc7a0fca8916f8d6455f80a41c0f526ca8652a57a4acfa278ff9d305633ba
                                                                                      • Opcode Fuzzy Hash: aa7ee34dea16e5d01b1b1afa67336dd6eced5b6906ada414d4856c1e51d1a41e
                                                                                      • Instruction Fuzzy Hash: B2313274E052089FCB18DF99D455AEEBBF6FB88300F208229E409A7344D734AA45CF90
                                                                                      Function 0515DCA1 Relevance: .1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b68f0219423c47a41acdfec58bd4a05217141eb28e8ad42bdfdc3ac10ce69cc2
                                                                                      • Instruction ID: a5feed7d48dcb8ca03ab50e3e8bcadbbb6d4c47c18585c4d9548683d502ac591
                                                                                      • Opcode Fuzzy Hash: b68f0219423c47a41acdfec58bd4a05217141eb28e8ad42bdfdc3ac10ce69cc2
                                                                                      • Instruction Fuzzy Hash: 8441D278A01224CFEB25DB24D991FA9B7B1BB49220F1041D5E919AB3E1CB31EE81CF50
                                                                                      Function 05157AF0 Relevance: .1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9dc6179b1eb2fa23f4a6abaf784a1709817aac7da7fa2f2338a0e8b273fedd76
                                                                                      • Instruction ID: 120b1f142101ed5c6c9f569bd7365bc171556d104af63328bf26a20fb083420d
                                                                                      • Opcode Fuzzy Hash: 9dc6179b1eb2fa23f4a6abaf784a1709817aac7da7fa2f2338a0e8b273fedd76
                                                                                      • Instruction Fuzzy Hash: 4C310574E05218DBDB04DF99D885BEEBBF2FB88350F20902AD819B7295D7715984CF90
                                                                                      Function 0513E218 Relevance: .1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 756242e5ed01d61f48d15a479b512e1eea748b309792ab7f858fdbc7a6261d06
                                                                                      • Instruction ID: eb9fc508680dc6e9d86902c09d78e90510931e9202d730d93f2f8b8bb88d3d3a
                                                                                      • Opcode Fuzzy Hash: 756242e5ed01d61f48d15a479b512e1eea748b309792ab7f858fdbc7a6261d06
                                                                                      • Instruction Fuzzy Hash: 44313574E09209DFCB18DF99D455AEEBBFAFB89300F208229E409A7344D7745A45CF90
                                                                                      Function 05158FE3 Relevance: .1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f4e402226455dea76aa527c287ce9d360c41569d445ce4488bb5ce59f20148c4
                                                                                      • Instruction ID: fb43db92b154a38d593bde97fea0266f6a45a329b8eca2514534d57bcac68b0f
                                                                                      • Opcode Fuzzy Hash: f4e402226455dea76aa527c287ce9d360c41569d445ce4488bb5ce59f20148c4
                                                                                      • Instruction Fuzzy Hash: 9A3157B0A09348CFDB14CF99D948BADB7F6BB89310F218465E81AAB358D3745D85DF02
                                                                                      Function 04F7FDC0 Relevance: .1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1dbb46a877fe741ecb08f60254b0ac92b6c5c5bb3f180dd2e1693071b43d2750
                                                                                      • Instruction ID: 10b59279faec2e2fc21822c3128013aecb0319dce1ffd0351ec08eb59ea048ce
                                                                                      • Opcode Fuzzy Hash: 1dbb46a877fe741ecb08f60254b0ac92b6c5c5bb3f180dd2e1693071b43d2750
                                                                                      • Instruction Fuzzy Hash: AA218035B00114DFCB149FA4D855E5EBBB2EF88310B1540A9EA06AB365CA72EC02CBA1
                                                                                      Function 0513F4B2 Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 455d90f477b7f04b6a059c4e0b64507ae9091e98d2b56d5bd19feec2ff1779ac
                                                                                      • Instruction ID: f7948104ed02f3e31eeabc0da9ad8922bb413b876160c9408bc27248663e06cd
                                                                                      • Opcode Fuzzy Hash: 455d90f477b7f04b6a059c4e0b64507ae9091e98d2b56d5bd19feec2ff1779ac
                                                                                      • Instruction Fuzzy Hash: C041BF749062188FDB68DF68D955B9DB7F2FB49300F1081EAD409A7394DB345E86CF10
                                                                                      Function 0513F67D Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 736e8a5803317f0c241ab928ad0473c00f62ac427fadffb2757f6c31648ffc10
                                                                                      • Instruction ID: ed6aae6f1d435f8fb66cbcd54e49eba0449cbb2a5876264c0ff7d4f19eed1524
                                                                                      • Opcode Fuzzy Hash: 736e8a5803317f0c241ab928ad0473c00f62ac427fadffb2757f6c31648ffc10
                                                                                      • Instruction Fuzzy Hash: C7418A74906218CFDB28DF68D955BADBBF2FB49300F5181AAD409AB354DB785A86CF00
                                                                                      Function 0513F2FC Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ca5dd8adff1c1915dd81e9cd81836b1ad92713d8a0195efe60e650f5558e4c35
                                                                                      • Instruction ID: 124ad73219dfe9f4c2fd526ca96f93ad426ff768a9fd47dbc2cc6f1a90abc2b9
                                                                                      • Opcode Fuzzy Hash: ca5dd8adff1c1915dd81e9cd81836b1ad92713d8a0195efe60e650f5558e4c35
                                                                                      • Instruction Fuzzy Hash: 1941BBB4D05218CFDB28DF68D965BADBBF2BB09300F5151AAD409AB354DB785A86CF00
                                                                                      Function 05157CD0 Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5cebc16247b63ac3312755ec64b46e8fe63031c6a0227b36a2e8f66f95c0c364
                                                                                      • Instruction ID: 757d0295fea7d6bca9259e87164ab02f9bb44190d6270a6e8e348c3778e2e909
                                                                                      • Opcode Fuzzy Hash: 5cebc16247b63ac3312755ec64b46e8fe63031c6a0227b36a2e8f66f95c0c364
                                                                                      • Instruction Fuzzy Hash: 95313378E04209CBDB04DFA9E845BEEBBF2FB89320F109529D825B7294D7B15941CF90
                                                                                      Function 05042DA1 Relevance: .1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 39554d6e7b657f1d365628960b595c9697a7996a15251d4c9f2afc14a904fcd0
                                                                                      • Instruction ID: 9f6190002cb093f78928a70d34bc52d83636bcf6f45469fe70fcf944b578a4bb
                                                                                      • Opcode Fuzzy Hash: 39554d6e7b657f1d365628960b595c9697a7996a15251d4c9f2afc14a904fcd0
                                                                                      • Instruction Fuzzy Hash: DE3188B8A0520ACFDB04CF94E5406EDBBB6FB49310F109269D415A7391CB74AD85CFA0
                                                                                      Function 051313A8 Relevance: .1, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a55dd0f9497954d869ef83175c0c93d2a734b9fd3caaf295b7c973f2d32f700
                                                                                      • Instruction ID: 2295f83e215a5a35e08a053bc1ae57b131982593569aafe8d6f55718a24b1114
                                                                                      • Opcode Fuzzy Hash: 1a55dd0f9497954d869ef83175c0c93d2a734b9fd3caaf295b7c973f2d32f700
                                                                                      • Instruction Fuzzy Hash: F921D436344200AFC7248B6AE895B6ABBE5FFC1321B19847AE50EC7651CF71EC82C750
                                                                                      Function 0513F415 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c39cfaa0107fc98788d60c6e8f03ed7e82cde9dd55dcff6bcaebf6feb511b9ad
                                                                                      • Instruction ID: 997050fd74e38960cd222ebb09a26a8a48f055642b4ed0b049af71deaa3d05d6
                                                                                      • Opcode Fuzzy Hash: c39cfaa0107fc98788d60c6e8f03ed7e82cde9dd55dcff6bcaebf6feb511b9ad
                                                                                      • Instruction Fuzzy Hash: C241BD74D052198FCB28DF68D855BADB7F2FB48300F5041AAD409AB354DB345A81CF00
                                                                                      Function 05157CCB Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6aebaf3ef855d51d3d61bb5cfaa5441be26909f8e92d47b63b7c3061d24cca26
                                                                                      • Instruction ID: 7eb96845b546a56340834e15bc1600eafe3d95a97c5a18f714d77a9b5a11d554
                                                                                      • Opcode Fuzzy Hash: 6aebaf3ef855d51d3d61bb5cfaa5441be26909f8e92d47b63b7c3061d24cca26
                                                                                      • Instruction Fuzzy Hash: 8E310278E00209CBDB04DFA9E845BEEBBF2FB89310F149469D825A7294D7715945CF90
                                                                                      Function 051346D9 Relevance: .1, Instructions: 82COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 611e82e9e20bd7a6004773602812012a6cfd2bc4c1d721d06bbc3b9baf93cb5a
                                                                                      • Instruction ID: f57a6049d5efbc39b8b3141adc94ab195b927041ca992266c2e3c0f75f7ea7ad
                                                                                      • Opcode Fuzzy Hash: 611e82e9e20bd7a6004773602812012a6cfd2bc4c1d721d06bbc3b9baf93cb5a
                                                                                      • Instruction Fuzzy Hash: B5218530B002548BCB14ABA5D86D76E7BB7ABC9700F14406DD006EB395CFB45C06C791
                                                                                      Function 0515BEB8 Relevance: .1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 434b8036ac5baf35595e2ed2c13223178985f7f92ef22a710de121abd669674d
                                                                                      • Instruction ID: a58dce0ff87c9ac073e230807cc9309b997bc3fafe8fd609f3bb57f58484feea
                                                                                      • Opcode Fuzzy Hash: 434b8036ac5baf35595e2ed2c13223178985f7f92ef22a710de121abd669674d
                                                                                      • Instruction Fuzzy Hash: 5B31BD76A04209EFCB15CFA8C8549EE7FB6FB88320F144129F912A7390DB749841CFA0
                                                                                      Function 051369A0 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bab180e6eefe7ebc12792df84d8c697bead179761a08381cf9c5a56a112e135a
                                                                                      • Instruction ID: 19d61f05688840eca2ba21e6103c30703d7f60ae968147849e1c10679c4d3ef8
                                                                                      • Opcode Fuzzy Hash: bab180e6eefe7ebc12792df84d8c697bead179761a08381cf9c5a56a112e135a
                                                                                      • Instruction Fuzzy Hash: D8216775B10A098FCB00EF64C55956EB7F5FF89700F10815AD506A7320EF709A46CB91
                                                                                      Function 05159530 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2957a3e82c0515c2e0161b4398746ccdadf8862e7e28666289eb7f63d210e8c3
                                                                                      • Instruction ID: 4a476640ca82b43199fa99df010446215bf6906adfd4c759b10e157ef2ced11a
                                                                                      • Opcode Fuzzy Hash: 2957a3e82c0515c2e0161b4398746ccdadf8862e7e28666289eb7f63d210e8c3
                                                                                      • Instruction Fuzzy Hash: 9A314678E09609CFDF04DFA9D4406AEBBF2FB89310F208166D925A7354D7345A45CF82
                                                                                      Function 05159540 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b3ce5c561921b297aaba9d0360d2ec6d0a0948f4a61435f75e8ff0dda22d542d
                                                                                      • Instruction ID: fd1cbfa749b087948dcf9167f5a2613919e28b869633162bcac82bd331432dad
                                                                                      • Opcode Fuzzy Hash: b3ce5c561921b297aaba9d0360d2ec6d0a0948f4a61435f75e8ff0dda22d542d
                                                                                      • Instruction Fuzzy Hash: 15315674E04508CFDF04DFAAD4406AEBBF6FB89310F209066D929A7358D7346A45CF92
                                                                                      Function 05132DF8 Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ce341a7c1c9a515ddd095e55b09c3d35ecd5896417775ef88ba88cd18ba70f52
                                                                                      • Instruction ID: 03430bb75d9e7aa8705a528b260d8c6d1dec3a387c8611c52dd81954123b7007
                                                                                      • Opcode Fuzzy Hash: ce341a7c1c9a515ddd095e55b09c3d35ecd5896417775ef88ba88cd18ba70f52
                                                                                      • Instruction Fuzzy Hash: 2E21C5393082519FCB219F35D866B793FA9BF85611709406AF852CB3E2DB38CC45C760
                                                                                      Function 0513F743 Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7d56b04a3a3b5fb8e5642732185372c6e92646d8a97ed9ce286e9b827d93bb1
                                                                                      • Instruction ID: b4b59ced5396e13ff2cbd17636896ea3281dbb1a8c2ec850837e375d49bd5f65
                                                                                      • Opcode Fuzzy Hash: b7d56b04a3a3b5fb8e5642732185372c6e92646d8a97ed9ce286e9b827d93bb1
                                                                                      • Instruction Fuzzy Hash: 6F31D1749052188FDB28DF68D955BEDBBF2EB48300F5080AAD409AB384DB785E82CF10
                                                                                      Function 05040F69 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a227c4d8066b91fbf19897d6dd51776e0770ce903f87262b7fd82733eef9be03
                                                                                      • Instruction ID: 71d2c84fb7aee94052116773d90d6dcbd5755a96521e94027112da12e9f8d6be
                                                                                      • Opcode Fuzzy Hash: a227c4d8066b91fbf19897d6dd51776e0770ce903f87262b7fd82733eef9be03
                                                                                      • Instruction Fuzzy Hash: 16310FB090A2588BDB24CF19EA19BEEB6F2BB49300F1090E5D009A7205DBB55AC0CE44
                                                                                      Function 0515F770 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e7773511a63017bca3149dfb9ae0c1bafe5e1e2df57e8d3ebc97ac37c467f777
                                                                                      • Instruction ID: 3361a3c238a38b468f151c2cfcb8cf899aaa5c8d519f5b6bc4b82796241bf31e
                                                                                      • Opcode Fuzzy Hash: e7773511a63017bca3149dfb9ae0c1bafe5e1e2df57e8d3ebc97ac37c467f777
                                                                                      • Instruction Fuzzy Hash: DC215CB1E04209DFDB54DFB8D904BAEBBF5AF04360F508066D925D7290E734DA82CB91
                                                                                      Function 0513F6B9 Relevance: .1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b56b229054ef0c8319d2e8edff5454c09eedc12e7ed3406b8e13d8d28f9cf293
                                                                                      • Instruction ID: 1dfd3e2f47d1a2509ef007ff858bc2730f08fed344fac400ef381f5f7623afaa
                                                                                      • Opcode Fuzzy Hash: b56b229054ef0c8319d2e8edff5454c09eedc12e7ed3406b8e13d8d28f9cf293
                                                                                      • Instruction Fuzzy Hash: EC31CF74905218CFDB24DF28D955B9DB7F2FB48300F5180AAD409A7354DB785E82CF40
                                                                                      Function 0513CC91 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1beb034b16ab330333dd7b2f5bce0ae80968aa46851db9d1639af57e32782403
                                                                                      • Instruction ID: 56fe911832f5d1e59b5f4e184fea17544be53dd875439a494228df13877431e3
                                                                                      • Opcode Fuzzy Hash: 1beb034b16ab330333dd7b2f5bce0ae80968aa46851db9d1639af57e32782403
                                                                                      • Instruction Fuzzy Hash: 7B21AE78A09248CFD705DFA8D46A7ADBBB1FF46308F14859AC446A72A2DB711E41DB80
                                                                                      Function 04F7F118 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5bb7e7b5426eb0bf6193113192e1e3bd96555b936b6647ac0859470d9fe1895b
                                                                                      • Instruction ID: 9c8a974046842cdbcb6b9f4ea067578791001924edcf9a8f9200c2d73030687c
                                                                                      • Opcode Fuzzy Hash: 5bb7e7b5426eb0bf6193113192e1e3bd96555b936b6647ac0859470d9fe1895b
                                                                                      • Instruction Fuzzy Hash: F4216F717001549FCB15CF2AC840AAA7BEABF8A390F154096FC54CB361CA79EC52CB70
                                                                                      Function 0513F7BE Relevance: .1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f6c0a620e7f88614fbba4dc35de4329449267754bffa463f772e86121d490e4f
                                                                                      • Instruction ID: da1f44ef49a3c738b01da86031592542d3d79cf816d13c87e88c15e123b6f4da
                                                                                      • Opcode Fuzzy Hash: f6c0a620e7f88614fbba4dc35de4329449267754bffa463f772e86121d490e4f
                                                                                      • Instruction Fuzzy Hash: B631AE74D05219CFDB28DF68D965BADBBF2FB49300F5051AAD009AB254DB385A82CF00
                                                                                      Function 0513F3B3 Relevance: .1, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 427fd4f08b8b3b9cd82d210f15bbd76a32453bc0ecaccfb26f76c71f3f5ffe84
                                                                                      • Instruction ID: ff3e9fd41d557627edd75eace3fc69c1ca028c5290cc33a482bff50ab56233f1
                                                                                      • Opcode Fuzzy Hash: 427fd4f08b8b3b9cd82d210f15bbd76a32453bc0ecaccfb26f76c71f3f5ffe84
                                                                                      • Instruction Fuzzy Hash: DB31C074905219CFDB28DF68D965BADB7F2FB49300F5180AAE409AB354DB385E85CF10
                                                                                      Function 0504ED58 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 094c095f639ac55bacd14c169400923a8be387d32de48f4a730517eb6f9c8641
                                                                                      • Instruction ID: b64e67fd14ae5077837d827ff81b15146764b20c71f4d71ae713bca90dfc24d8
                                                                                      • Opcode Fuzzy Hash: 094c095f639ac55bacd14c169400923a8be387d32de48f4a730517eb6f9c8641
                                                                                      • Instruction Fuzzy Hash: D2211475A00219CFDB04DF98D544ADDBBF2FB88300F2041A8E505AB2A1CB76AE41CBA0
                                                                                      Function 0515B440 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b33b96916e1afc621db190b60307d711592ea021b28024c8d8de55f47c3a8bf7
                                                                                      • Instruction ID: 32d2807a6525af416ffdb806777a651f06546cc6d25f8819f146c2b839122d9f
                                                                                      • Opcode Fuzzy Hash: b33b96916e1afc621db190b60307d711592ea021b28024c8d8de55f47c3a8bf7
                                                                                      • Instruction Fuzzy Hash: CF21F2316103019FD754EB68E89A79EBFF6EF88300F14456CE10AD7640DFB9A9028BA0
                                                                                      Function 05158881 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 189b7004ce2d69be465c135b3c07d718609306acf28f6a3352c99650754082eb
                                                                                      • Instruction ID: d64caf39bb9a87624f5f0f8301cba05eb62c3da584ff8a9973ab113d51b232b4
                                                                                      • Opcode Fuzzy Hash: 189b7004ce2d69be465c135b3c07d718609306acf28f6a3352c99650754082eb
                                                                                      • Instruction Fuzzy Hash: ED315AB0A05219DFDB24EF68D890BADB7F2FB89700F2140A9E519A7345DB346D85CF05
                                                                                      Function 04F772A0 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fb1cfca8f247be6aff9d74ea0a30ae1ad6ab76fd59016552af679ef0da3bb772
                                                                                      • Instruction ID: 5f6ffc50363744e687d376e565ba6d77e6a9009a5fd64370d1662c6edc884092
                                                                                      • Opcode Fuzzy Hash: fb1cfca8f247be6aff9d74ea0a30ae1ad6ab76fd59016552af679ef0da3bb772
                                                                                      • Instruction Fuzzy Hash: 18210C74E04209CFCB44EFA9D4846AEBBF6FB45300F14916AD815A7254D738B982CF91
                                                                                      Function 0513F354 Relevance: .1, Instructions: 67COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f6e0f7bebf661cb21db71e4b9695fa54323492f102a2b933163f864ed499aa65
                                                                                      • Instruction ID: efe06140832f3338ee35f513813c8fdc465f72ad2cb24a63f3f6e02a8f58e5ba
                                                                                      • Opcode Fuzzy Hash: f6e0f7bebf661cb21db71e4b9695fa54323492f102a2b933163f864ed499aa65
                                                                                      • Instruction Fuzzy Hash: D531E074D05219CBDB28DF68D965BADB7F2FB45300F5050AAD00AB7354DB785A82CF01
                                                                                      Function 0515D590 Relevance: .1, Instructions: 67COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: db48710adf01067f6766c9998a66dce8c559cd38930b2727d793da49f015f2fa
                                                                                      • Instruction ID: cf9aee22c0aa41961540d1364cf645d0d1fa8c6a2f5bf8a3df5ba0ce77dcd0b2
                                                                                      • Opcode Fuzzy Hash: db48710adf01067f6766c9998a66dce8c559cd38930b2727d793da49f015f2fa
                                                                                      • Instruction Fuzzy Hash: 8F21DF31700105DFCB14DF68E884BAEBBB5EF85310F208065EA059B3A5DB70ED42CBA1
                                                                                      Function 053177C4 Relevance: .1, Instructions: 66COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 13d5c5717317db40c5d8bbba1a056eeddbf2f43c623ed0003862c38ec21dc995
                                                                                      • Instruction ID: c565829dcc80ff043088f96a58c0a5699abde413ab9f41369fe393753cc999c7
                                                                                      • Opcode Fuzzy Hash: 13d5c5717317db40c5d8bbba1a056eeddbf2f43c623ed0003862c38ec21dc995
                                                                                      • Instruction Fuzzy Hash: D731A574A052688FCB64DF28D998B9DB7B1FB4A300F1151E5E81DA7344D774AEC18F41
                                                                                      Function 05046580 Relevance: .1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1effc1c85fb7d92c0ac68a4fc54f3f277f1ebdec6f9ead41e43ad8b83f3f47e9
                                                                                      • Instruction ID: 5d3c3e6f9d529ddc7b6535d25203176edb895cc640a38ed3be6ff7d68dcdb4cc
                                                                                      • Opcode Fuzzy Hash: 1effc1c85fb7d92c0ac68a4fc54f3f277f1ebdec6f9ead41e43ad8b83f3f47e9
                                                                                      • Instruction Fuzzy Hash: 6A213D74A0421A8BCB04EFA8E4556EEB7F2FB88301F118269D509B7344DB746E45CFA1
                                                                                      Function 0513DD38 Relevance: .1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 761c20c6df147418249db7589cfb8d61ca3cf59c778ddbf6c2fa41205a4fac5c
                                                                                      • Instruction ID: 06c5f09d910afdf5835a64bcb22af605c766baa8693c521b7ef12efb5fc51997
                                                                                      • Opcode Fuzzy Hash: 761c20c6df147418249db7589cfb8d61ca3cf59c778ddbf6c2fa41205a4fac5c
                                                                                      • Instruction Fuzzy Hash: 27219DB8E04609DFDB04DFA9E8566EEBBB2FB89300F108066C409A3394D7745A41CF40
                                                                                      Function 0513F86E Relevance: .1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5beab58c17c3f5a1031433ee174f3ff62ed071421feb984842f4c2c7086afc2a
                                                                                      • Instruction ID: c0c3f1ce14ff83156cf8e4a13f3c119f50429c01576fb1eb17cb01d8ec7ab7b3
                                                                                      • Opcode Fuzzy Hash: 5beab58c17c3f5a1031433ee174f3ff62ed071421feb984842f4c2c7086afc2a
                                                                                      • Instruction Fuzzy Hash: 6F31CEB4D05218CBDB28CF28D965BEDBBF2FB09300F5140AAD409AB390D7785A81CF01
                                                                                      Function 0513DD48 Relevance: .1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c1bb1a8e3120086a4dd9b905a2becaf0dfda18de68984f207073e01710a630df
                                                                                      • Instruction ID: d2f3e5796935f675ef0a4122f5a92a884897ba6f189baf795da9fb889c5dab34
                                                                                      • Opcode Fuzzy Hash: c1bb1a8e3120086a4dd9b905a2becaf0dfda18de68984f207073e01710a630df
                                                                                      • Instruction Fuzzy Hash: 96215CB8E04609DFDB04DFA9E8566AEFBB6FB89300F21C065D409A3384D7745A41CF90
                                                                                      Function 0513FC83 Relevance: .1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc7ef6e5810eec2ca49d494ab56da512c33c1e93102ef81e49b8ec871f224bf4
                                                                                      • Instruction ID: 813d08b5d0d6bea53b1f99e0436748ec3a11d2ad352c1c46f2b657f95c378a7d
                                                                                      • Opcode Fuzzy Hash: dc7ef6e5810eec2ca49d494ab56da512c33c1e93102ef81e49b8ec871f224bf4
                                                                                      • Instruction Fuzzy Hash: C8216D74E04609DFDB04DFA9D856BAEB7B2FB49300F108466D804B3355D7785A46CF90
                                                                                      Function 05137408 Relevance: .1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 868f27389719fc124021a017399e568bdc1e9d4253e52ebf4320ed3537f39945
                                                                                      • Instruction ID: 256008edcb31c5540d83adff0e227a5016c2b1ae07a7988deb12ec020cf4a263
                                                                                      • Opcode Fuzzy Hash: 868f27389719fc124021a017399e568bdc1e9d4253e52ebf4320ed3537f39945
                                                                                      • Instruction Fuzzy Hash: D1215975A001108FCB44DF68C998E697BF5FF89325B1680A9E105CB3B1D731ED05CB50
                                                                                      Function 0513FC90 Relevance: .1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 105688853946ca6ab29feac44f73c12bea446359f5a9b0dd48fff7af5d00f6ef
                                                                                      • Instruction ID: ec9de57642d119025c3e5a367e842cac255c69de8f404eb4ed6516e4de54a6c9
                                                                                      • Opcode Fuzzy Hash: 105688853946ca6ab29feac44f73c12bea446359f5a9b0dd48fff7af5d00f6ef
                                                                                      • Instruction Fuzzy Hash: 4D216A74E54609CFDB04DFA9D85AAAEB7B6FB89300F108466D808B3364D7785A46CF90
                                                                                      Function 0513F856 Relevance: .1, Instructions: 60COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9cd24b2922969ac1522bb737aef9af18545f883e5e7e7fa731337716b622984c
                                                                                      • Instruction ID: 7ccf22e70d533a7fea91bce053711186da5463c8c28d7d256c8cab325d342bfa
                                                                                      • Opcode Fuzzy Hash: 9cd24b2922969ac1522bb737aef9af18545f883e5e7e7fa731337716b622984c
                                                                                      • Instruction Fuzzy Hash: FE210F70D05258CBDB28CF68C965BAEB7F2FB48300F1040AAD00AA7350DB785A82CF00
                                                                                      Function 0515C860 Relevance: .1, Instructions: 60COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb5fb281469f21a0e0b02ff59252f8035f88f095dad43c240e2c5498712495a3
                                                                                      • Instruction ID: c3075a52d9bf8b8eded7ea32f12fc7a9409640d93e639f5532c1a0fb8084d9e0
                                                                                      • Opcode Fuzzy Hash: cb5fb281469f21a0e0b02ff59252f8035f88f095dad43c240e2c5498712495a3
                                                                                      • Instruction Fuzzy Hash: 7811E231B003158FDB218F69D855BAE7FF2AB88210F14442AEE55DB380DB34C801C790
                                                                                      Function 05046590 Relevance: .1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 09618c5346361c1ec72f45740678be2181da53f91f062187e9398b6980a45ec1
                                                                                      • Instruction ID: 89951daddd5f08eca5de33ab9b4ef5cab457fdbcef34eae5a02567fa05dedfb8
                                                                                      • Opcode Fuzzy Hash: 09618c5346361c1ec72f45740678be2181da53f91f062187e9398b6980a45ec1
                                                                                      • Instruction Fuzzy Hash: CC214D74A0411A8BCF04EF98E4546EEB7F2FB89301F118269D509B7349DB74AE45CFA1
                                                                                      Function 05137418 Relevance: .1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69d8cdbc9a724ea5d398d194a5535b8ad5c9f6c1e0211ad2d0c060e4a50191ea
                                                                                      • Instruction ID: 154e43203789a992c75666678117c56aeeda1b2cc44c92286392fb6466a96ac6
                                                                                      • Opcode Fuzzy Hash: 69d8cdbc9a724ea5d398d194a5535b8ad5c9f6c1e0211ad2d0c060e4a50191ea
                                                                                      • Instruction Fuzzy Hash: A11126756001108FCB54DF28C998E69BBF6FF89724B1180A9E505CB3B1DB31ED00CB90
                                                                                      Function 05130F58 Relevance: .1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 58d1bd921b827e06c6f5bc3ceefd9eda6f3c8026b5f3ebbac614bd8fcd77d91a
                                                                                      • Instruction ID: 2329c1238152c7710acbd1301ea68cbed843b0ab5f289b8a4382866ec2cc20e4
                                                                                      • Opcode Fuzzy Hash: 58d1bd921b827e06c6f5bc3ceefd9eda6f3c8026b5f3ebbac614bd8fcd77d91a
                                                                                      • Instruction Fuzzy Hash: A80121313112108BD7149A69E89997EB7EBEFD9621328807AF506CB366CF75DC05CB90
                                                                                      Function 0513F390 Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5afe20c7980b649a7347cacd361865e12734225c13f50ff991a8ef4bbe7dc7ab
                                                                                      • Instruction ID: 1f9b93ff97f4027256352f2fc896e0c1081caf7774a33e47719bc19b9f10fd41
                                                                                      • Opcode Fuzzy Hash: 5afe20c7980b649a7347cacd361865e12734225c13f50ff991a8ef4bbe7dc7ab
                                                                                      • Instruction Fuzzy Hash: 1A21EE74D05258CBDB28CF68D965BEDB7F2FB49300F5040AAD40AA7350DB785A82CF01
                                                                                      Function 0513F3A4 Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ccdc566bd134505151e7bca6e36f650d2582c2220717cd625648a83ea99315d
                                                                                      • Instruction ID: d13fb2cfd513b0e8168e93909de3b9bd090d083752c33b7f1e91b9038e47a3ac
                                                                                      • Opcode Fuzzy Hash: 2ccdc566bd134505151e7bca6e36f650d2582c2220717cd625648a83ea99315d
                                                                                      • Instruction Fuzzy Hash: A521E274D05258CBDB28CF68D965BEDB7F2FB49300F5180AAD40AA7354DB785A82CF00
                                                                                      Function 0515C5E1 Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 67cedf5e17268a01ef3dcfb8f670bc363bb4a0d270532bad8bb8f140cd9a26b3
                                                                                      • Instruction ID: 48e166a0b0804d998395d6eab6d15427a67c72a08c90c4271867e7977ca4f480
                                                                                      • Opcode Fuzzy Hash: 67cedf5e17268a01ef3dcfb8f670bc363bb4a0d270532bad8bb8f140cd9a26b3
                                                                                      • Instruction Fuzzy Hash: C9215F78A42219DFCB04CF68D594EADBBB2FF49714B614158E902AB361CB34AD45CB50
                                                                                      Function 0515890A Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aab882b665a1692606c93561537d7ff9dea68e319c222a7b3a4dd7a5150304a2
                                                                                      • Instruction ID: 7f7ab44194cf6dbf0de51f0806ce8d68e1c86932401f547550b8aa23d7078554
                                                                                      • Opcode Fuzzy Hash: aab882b665a1692606c93561537d7ff9dea68e319c222a7b3a4dd7a5150304a2
                                                                                      • Instruction Fuzzy Hash: B42106B4A05218DFDB28DF28D891BADB7F2FB84310F6054A9D409A7346DB349E84CF16
                                                                                      Function 0513F874 Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f437efb854248b47d64eb20e395e4931ed753e85ae8d2a20fb89ff6188eeaa96
                                                                                      • Instruction ID: 388d76c14da6fe3e4141091bf777a54bcf5756133c25ce639125a91ac8455e77
                                                                                      • Opcode Fuzzy Hash: f437efb854248b47d64eb20e395e4931ed753e85ae8d2a20fb89ff6188eeaa96
                                                                                      • Instruction Fuzzy Hash: C521A278A152288FDB64EF68D855B99BBB2FB49300F1180E9A50DA7395DB306E81CF41
                                                                                      Function 051586A8 Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23469d428a473e6d9e6a8d3396d85c6118f790123a18dfa3333fbc39e008626b
                                                                                      • Instruction ID: 9019d49ce4ac55398eb0976a3f3dfd07059330e57f9312baf2d03425f3991a04
                                                                                      • Opcode Fuzzy Hash: 23469d428a473e6d9e6a8d3396d85c6118f790123a18dfa3333fbc39e008626b
                                                                                      • Instruction Fuzzy Hash: 0C116D74904218DFDB18DF19D890BD9B7F2FB89300F1040A4E919A7394DB745D85CF52
                                                                                      Function 0513F339 Relevance: .1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f28795df952603fa9beecde708755f4c5f20bdf9d23a17d04a5fa6d2afb612bb
                                                                                      • Instruction ID: 12bf05d22c466ae119979c47f6a6ba87225d9ce8c1257639bad2dac0e2c6ed0b
                                                                                      • Opcode Fuzzy Hash: f28795df952603fa9beecde708755f4c5f20bdf9d23a17d04a5fa6d2afb612bb
                                                                                      • Instruction Fuzzy Hash: 3221BCB4905219CBDB28DF68D965BEDB7F2FB49300F5040AAD40AAB354DB785E82CF00
                                                                                      Function 0513F678 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 898b0b649aa88b5826bd0f3be18dae2376ebb3e41d9ad27409c698beee97a3b5
                                                                                      • Instruction ID: 18471769088df2abab926fe9dd02a6e52730f0212cd65156093f6356d68a8f5f
                                                                                      • Opcode Fuzzy Hash: 898b0b649aa88b5826bd0f3be18dae2376ebb3e41d9ad27409c698beee97a3b5
                                                                                      • Instruction Fuzzy Hash: 2421DE74905219CBDB28DF28D965BEDB7F2FB49300F5180AAD40AA7344DB785E81CF01
                                                                                      Function 0515C4C0 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3466e7a346e12993e7bc1ebb87c60fdcbed376f68df891876613624388ae8d83
                                                                                      • Instruction ID: 12cec09be6c5dca6e413e29216c3c9a4bc8b52f789e473afe56a3f04ba1ba865
                                                                                      • Opcode Fuzzy Hash: 3466e7a346e12993e7bc1ebb87c60fdcbed376f68df891876613624388ae8d83
                                                                                      • Instruction Fuzzy Hash: EF017136340315AFDB008F59EC94FAA77A9FB88721F10802AFA15CB290D7B1DC008B90
                                                                                      Function 05157478 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70993090f496694d07ab1073a0b1de96c42bb265b6eb6f23b774c18c292ff812
                                                                                      • Instruction ID: 08286381404939859ea04fbe1463d958bb59ecf787e2b92295431bc412b1908e
                                                                                      • Opcode Fuzzy Hash: 70993090f496694d07ab1073a0b1de96c42bb265b6eb6f23b774c18c292ff812
                                                                                      • Instruction Fuzzy Hash: 25111575E00219CFCF05DBA8D4056EEBBF5FB88321F10016AD919A3380D7796E45CBA0
                                                                                      Function 05158CA0 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: edca08fdb1a4b49c36780a80e47129bb24e8c5e2aea5d6eb86e112dfa525b594
                                                                                      • Instruction ID: 1342d718f65d3d5aa920d32c3c17c5d0f9df643b20138e896d7c85952c660a7e
                                                                                      • Opcode Fuzzy Hash: edca08fdb1a4b49c36780a80e47129bb24e8c5e2aea5d6eb86e112dfa525b594
                                                                                      • Instruction Fuzzy Hash: E521D274A05228CFDB64EF28D8557E9B7B2FB49301F2141A9E409A7388D7785EC5CF41
                                                                                      Function 05157467 Relevance: .0, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 793040b695396f4bb31a536e5620453a44d094db66d8e7c6b59c14d47ee9ed19
                                                                                      • Instruction ID: 33dcd60d063aa46830ea90a67c03ad27bb0b86ba654618ca959db654ef7dea23
                                                                                      • Opcode Fuzzy Hash: 793040b695396f4bb31a536e5620453a44d094db66d8e7c6b59c14d47ee9ed19
                                                                                      • Instruction Fuzzy Hash: 76113375E04249DFCB05EBA8D8456EEBBF5FB48310F10416AD815A3380D7796E44CB91
                                                                                      Function 04F77290 Relevance: .0, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f748c0db99da60111dc282ba92406bbacbfe4ae509458197055d8137298deefc
                                                                                      • Instruction ID: 0e108092a2416e8b65ce0af93ad642c11fada51f611a3e9fd8e27bc867d79af8
                                                                                      • Opcode Fuzzy Hash: f748c0db99da60111dc282ba92406bbacbfe4ae509458197055d8137298deefc
                                                                                      • Instruction Fuzzy Hash: 1E113CB4E082499FC744EFB988412ADBFF1FB4A300F1481AAD518D3251E734A586CF81
                                                                                      Function 05048D71 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 677210e0ec64495d07263119355919e98e7ba34f825d1e2715a8596fb7ab376d
                                                                                      • Instruction ID: 3b37a1234928996b587c032cf41247ad7d9dfb5d18d192ec445f880c855a6381
                                                                                      • Opcode Fuzzy Hash: 677210e0ec64495d07263119355919e98e7ba34f825d1e2715a8596fb7ab376d
                                                                                      • Instruction Fuzzy Hash: EA019E75909208EFDB11EFA4E810BADBFB5FF5A301F1086AAEC0597261D7319E10EB51
                                                                                      Function 0515935E Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5781bd4843cef051136533c5faa6a413a58e2c999da613b3379c149416d9bfd6
                                                                                      • Instruction ID: 88d7dbdc0e6bd0100f7d976274e35d2376376e45512b25f840e5d254170007a2
                                                                                      • Opcode Fuzzy Hash: 5781bd4843cef051136533c5faa6a413a58e2c999da613b3379c149416d9bfd6
                                                                                      • Instruction Fuzzy Hash: 0311C4B2805248EFD711CF58C9C9B987BB1FB55330FE94095D961A6381DB389945CF02
                                                                                      Function 05135D1A Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4102a0e22bc35ba16ba51c25bd11d4bf45698026744f75781e1cdc5f7cb022a
                                                                                      • Instruction ID: 4b4b1931298de7c2efcd9e7e71083b376f1e6eaeadac9d83d53b508e22494668
                                                                                      • Opcode Fuzzy Hash: b4102a0e22bc35ba16ba51c25bd11d4bf45698026744f75781e1cdc5f7cb022a
                                                                                      • Instruction Fuzzy Hash: 0B0196397047409FC72A9B74C469B7A3BB3AB89210F16495DD5568F3A1CB75D842C740
                                                                                      Function 0515A7D8 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d53cd163f4ecfcdec0b166dd237adcbe23f6b7e4352fb18aac9aa8a7efda0f23
                                                                                      • Instruction ID: d6c42ca56fa788619650e10775347a162b28415b0d95bac429228c6f9cc2ad50
                                                                                      • Opcode Fuzzy Hash: d53cd163f4ecfcdec0b166dd237adcbe23f6b7e4352fb18aac9aa8a7efda0f23
                                                                                      • Instruction Fuzzy Hash: 6C019234A44248EFC711DFA8E54059D7BF0FF4A215F1486DAC899973A1DB315E06DB41
                                                                                      Function 05137527 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: de9ae1e9242dbaf7b57be4735530bcfe46e9404feabbf69dd35847984ce79cd7
                                                                                      • Instruction ID: 27cc5287cd419561565a64e1c5d96dad98261b1aeaafe1b7fa54455c01e97e2b
                                                                                      • Opcode Fuzzy Hash: de9ae1e9242dbaf7b57be4735530bcfe46e9404feabbf69dd35847984ce79cd7
                                                                                      • Instruction Fuzzy Hash: 1E012836B002189BCB18AA64D4AABDEBBB6EBCC320F14413AE90157380DF756C07C7D0
                                                                                      Function 05135D28 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72cd199dd4c1f4c053951756ea77830e14c2cf63bf0c072fbddb2dbea09ecaf5
                                                                                      • Instruction ID: 869fe4f182d1d02d82ff310ea3710f8c529dcb6d50444ea3526d09ae110d4a18
                                                                                      • Opcode Fuzzy Hash: 72cd199dd4c1f4c053951756ea77830e14c2cf63bf0c072fbddb2dbea09ecaf5
                                                                                      • Instruction Fuzzy Hash: 9701B1357006049FC328AB24D469B3B77A3BBC9320F158A6CD5564F791CB71EC42C780
                                                                                      Function 05154AC0 Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fbfade03b6fbbd9d2f03c14ff3734a3c49c8313c93036ad4683f77fc0331b0da
                                                                                      • Instruction ID: c2420f357f543360331ca50c6b3c10a9faf1021c4de6b782b021d161ea165f47
                                                                                      • Opcode Fuzzy Hash: fbfade03b6fbbd9d2f03c14ff3734a3c49c8313c93036ad4683f77fc0331b0da
                                                                                      • Instruction Fuzzy Hash: DD01D67A904208EFCB45CF94D940E69BBB6FB49320F15C1D9E9195B232D732DE62EB40
                                                                                      Function 05157548 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 104de102ebcaea80efc8a754419405c8fd56e233865a55e0a6fe15b5608b4e1d
                                                                                      • Instruction ID: b245a97147262ab3f9e80f065fe26c622280c98c7ab165e3ccb2c10ef8f656a6
                                                                                      • Opcode Fuzzy Hash: 104de102ebcaea80efc8a754419405c8fd56e233865a55e0a6fe15b5608b4e1d
                                                                                      • Instruction Fuzzy Hash: 2A012C75D04208EFDB44EFA8D4457ACBBB4FF49354F1086AAD80593351EB319E45EB81
                                                                                      Function 05130741 Relevance: .0, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ec426097515d990ac62f312742b911b823bca3b09597cf7e20a22ea65905e55b
                                                                                      • Instruction ID: 97e96ec58237f638e57e0df4385fe13cd46cca1472e8a5aaefe12a5dc31810e1
                                                                                      • Opcode Fuzzy Hash: ec426097515d990ac62f312742b911b823bca3b09597cf7e20a22ea65905e55b
                                                                                      • Instruction Fuzzy Hash: 4F011E34B10A19CFCB10EF64E598A9DBBB1FF89701F10415AF5029B364EF34A946CB91
                                                                                      Function 05132D90 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4ba90318253d76bb032f04b447fb113d0aca546dfc8be32ffb613708edec3d05
                                                                                      • Instruction ID: b905497ea1845b73f1087a92f1259d76558430dce613ff1ea5e985c5805a9ff0
                                                                                      • Opcode Fuzzy Hash: 4ba90318253d76bb032f04b447fb113d0aca546dfc8be32ffb613708edec3d05
                                                                                      • Instruction Fuzzy Hash: 5AF0C8722003069BD716CF14DC84E8ABFB9FFC5314B05892EF955DB552EEB4E90A8760
                                                                                      Function 0515B8E8 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73a8dc1d067d2b7366cbb74d69c909384920b15380e3ae927fd767daea1b52f2
                                                                                      • Instruction ID: bea255e17166244915587e79900bacbbc1a547d802269addbe612a67d5cdfaf2
                                                                                      • Opcode Fuzzy Hash: 73a8dc1d067d2b7366cbb74d69c909384920b15380e3ae927fd767daea1b52f2
                                                                                      • Instruction Fuzzy Hash: 49F0F672B09211AFF3148B18D80472AF7A9FFC8324F144469D90A9B340CB72FC4187D4
                                                                                      Function 051305F8 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ace6c0293e6126bf7ca2b1d6f0c7c240cc965d9c89e306d546c59ea220cccd32
                                                                                      • Instruction ID: 562f239c087614da1bec008c8f394d6e143cc8afe8d89c75c97211a2b202fe62
                                                                                      • Opcode Fuzzy Hash: ace6c0293e6126bf7ca2b1d6f0c7c240cc965d9c89e306d546c59ea220cccd32
                                                                                      • Instruction Fuzzy Hash: 89F09636710104ABCB149A19D859EAEBBAEFBC8360B048026F915D7361EF35AC13CB91
                                                                                      Function 05133C30 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6dad84393cbc6bf68e6a54ab1c2f5a260c4d2b0ed8c6f7c98da5c4e6ea43d01d
                                                                                      • Instruction ID: 3a7419dc7a9546b73076a2935f0b49823b2fe705f2ba393de4d8d8176367a54d
                                                                                      • Opcode Fuzzy Hash: 6dad84393cbc6bf68e6a54ab1c2f5a260c4d2b0ed8c6f7c98da5c4e6ea43d01d
                                                                                      • Instruction Fuzzy Hash: 14018C393006109FC3199B28D469A1EBBA2FFCC721B208168E9068B791CF35EC42CBD0
                                                                                      Function 0504AF15 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1c8651cddd8d95875dc24a6016888eff724c97574913a03570ff3b21af4557f
                                                                                      • Instruction ID: 92edb7ce324c480a8712d53575c9d5c4556b416897d23c81d734b81c7796d610
                                                                                      • Opcode Fuzzy Hash: f1c8651cddd8d95875dc24a6016888eff724c97574913a03570ff3b21af4557f
                                                                                      • Instruction Fuzzy Hash: DD015EB8A146598FDB50DF24D815B9DB7F2FB49304F5080E6990AAB395DB30AD41CF50
                                                                                      Function 05040646 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fa974eddeafc9f11c1d7c85f03600b1956808b4a2dba842a4b120193f5cfda87
                                                                                      • Instruction ID: a2fe4d2bd2b2249a7ac2c03a75356ca5ac9dc495243a3a17016747ab598c3de3
                                                                                      • Opcode Fuzzy Hash: fa974eddeafc9f11c1d7c85f03600b1956808b4a2dba842a4b120193f5cfda87
                                                                                      • Instruction Fuzzy Hash: 621157B4A05158CFDB50DF58E859B9EB7B2FB89301F0180E4E909AB349C734AD86CF40
                                                                                      Function 0515B950 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 148882ec24a0deb1aecdae0ed682ba7726a1417e7eaa64e81939ea77f9d1a572
                                                                                      • Instruction ID: de25ea22d316b09da261ce8c2517f36df3d4739c051506c568bb6b5ff0446910
                                                                                      • Opcode Fuzzy Hash: 148882ec24a0deb1aecdae0ed682ba7726a1417e7eaa64e81939ea77f9d1a572
                                                                                      • Instruction Fuzzy Hash: 4DF0BBA2B0E295DFE31647795811329BFA19BD6224F1900DFC5878F391DBA69806C350
                                                                                      Function 05042121 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b28e85be1780f1502841b56ca547a6bb03105048f7ffd95e1bfb77ad8c8165d3
                                                                                      • Instruction ID: 84a259f1744d00e8b40dd2a4ff558da4f6ae9a4c1661d1948edeedee916da6f5
                                                                                      • Opcode Fuzzy Hash: b28e85be1780f1502841b56ca547a6bb03105048f7ffd95e1bfb77ad8c8165d3
                                                                                      • Instruction Fuzzy Hash: EDF0D179604149AFCB01CFA4E8009ACBFB2FB55310F048299EE1857271CB325922EF41
                                                                                      Function 0513B289 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 95ee02e42561c8ca063ce5946a2f9aad817848bfcca1add01bdc11dadbf65687
                                                                                      • Instruction ID: 8a4d9d92eb00a5d3e9a8b63a511033bfd04f817cd0112ccc30432e49a88636d7
                                                                                      • Opcode Fuzzy Hash: 95ee02e42561c8ca063ce5946a2f9aad817848bfcca1add01bdc11dadbf65687
                                                                                      • Instruction Fuzzy Hash: B4F0A474E0D148DFCB11CBA4D8906ACBFB1FF46214B1583C6C844972A1EB325E06DB45
                                                                                      Function 0515B8F8 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f4b048e16b367a5a95f6454c7768f6e1352ddffe4d79b07a8919ae84c68b2745
                                                                                      • Instruction ID: 222b67ea1878770bd8023f9e35114ad43ed3803b808cdec8980749f8031f429a
                                                                                      • Opcode Fuzzy Hash: f4b048e16b367a5a95f6454c7768f6e1352ddffe4d79b07a8919ae84c68b2745
                                                                                      • Instruction Fuzzy Hash: CEF0E971B096159FE3148619981072FF7A9EBC8720F14406DD94A9B340CB71AC4187D4
                                                                                      Function 04F7D3C0 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 071038e3cdd39dd4d1bc054161b61da9b301207b7d055f91248481568c9f8450
                                                                                      • Instruction ID: 0cc83aaa744719d90d67aa8e3381896bff6cfd870986033ec38d6c9ebce15a29
                                                                                      • Opcode Fuzzy Hash: 071038e3cdd39dd4d1bc054161b61da9b301207b7d055f91248481568c9f8450
                                                                                      • Instruction Fuzzy Hash: 5901C8B4D052098FCB40EFA8D4856AEBBF1FB49300F6142AAD819E3344D7746E41CF91
                                                                                      Function 0513E050 Relevance: .0, Instructions: 36COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eef06aa9fca02c95d2f03f080cd6d52bb59f6a46a7c8cb4876f34b3d7bf37562
                                                                                      • Instruction ID: b90fb9b780a7cb1560b06ec631a70e057ff9c462b37e713dd699f70af6f7c74e
                                                                                      • Opcode Fuzzy Hash: eef06aa9fca02c95d2f03f080cd6d52bb59f6a46a7c8cb4876f34b3d7bf37562
                                                                                      • Instruction Fuzzy Hash: 2101F435908388AFC701CFA8C8506ACBFB8FF06200F1481DEE89497242C3318A11DB40
                                                                                      Function 0504FB10 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3f9248839912cf37c9e4385974f08b9c57115f28b27c15d38d8acd3c9766b2e0
                                                                                      • Instruction ID: 47608dd6e124d688038987f1a8ae5a9e6634055b0f9d36984710b0202a7feeeb
                                                                                      • Opcode Fuzzy Hash: 3f9248839912cf37c9e4385974f08b9c57115f28b27c15d38d8acd3c9766b2e0
                                                                                      • Instruction Fuzzy Hash: 09F0A0F670A03247DA211629BCB072EAA9AD796A91F85417EAD46C3344DD168C024AE1
                                                                                      Function 04F73888 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 50d54657a555dd60ea155314eb2961df91ee9f897e04a49f2b613bc3f22edaa0
                                                                                      • Instruction ID: 41168266dc9793f9130c087b90ba1d07d463197884b29bde0b44acff457fdf23
                                                                                      • Opcode Fuzzy Hash: 50d54657a555dd60ea155314eb2961df91ee9f897e04a49f2b613bc3f22edaa0
                                                                                      • Instruction Fuzzy Hash: D6F01D76D04248AFC781CFA8D8416ADBFF4FB59200F04C1AAEC58D7242D2399A13EB51
                                                                                      Function 051339A8 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dd2cf3f5637d3f950a27a07205d327e341c1a7b4dd4879e66f330658db309a9d
                                                                                      • Instruction ID: 57cc0142534f93f05c1d4a6e9add69687d3556c8842c16a848a15bf1b6f0b24b
                                                                                      • Opcode Fuzzy Hash: dd2cf3f5637d3f950a27a07205d327e341c1a7b4dd4879e66f330658db309a9d
                                                                                      • Instruction Fuzzy Hash: DEF06D7A3106008FC305DF24C555E2A7BB6FF89311B1544A9F546CB361CA35DC02CB50
                                                                                      Function 053142FE Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 93b98476628bde3af7854a0a8482dc16cae4f08e70844d6252415b4518fe128a
                                                                                      • Instruction ID: 25c22d072b26217208ec5839232a193b13754b4ae391166624cbe8d8d06fbb32
                                                                                      • Opcode Fuzzy Hash: 93b98476628bde3af7854a0a8482dc16cae4f08e70844d6252415b4518fe128a
                                                                                      • Instruction Fuzzy Hash: C11117B4A01228CFCB68DF28C888BD9B7B5FB49300F0180E5E419A7744CB74AEC18F52
                                                                                      Function 04F79684 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e876b837c552c5f38ed686ff8872f3f27affcb2e81c2e1b25f19a36904f7136
                                                                                      • Instruction ID: d72a7a8380f9ee211d22d5a3c07ce228a4ae2041b104d9b2a5bea7d03bbc4fec
                                                                                      • Opcode Fuzzy Hash: 3e876b837c552c5f38ed686ff8872f3f27affcb2e81c2e1b25f19a36904f7136
                                                                                      • Instruction Fuzzy Hash: 92116374A00628CFCB64DF24DD54B9ABBF1FB89305F1051EA940AAB361DB316E84CF51
                                                                                      Function 0504AF2E Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e7f8ca9bb76b0694434036800c3f80ced199944f43c658c0503d432e44b82679
                                                                                      • Instruction ID: 259ef006a698d7af6ab0ff2ae54ef2525b53d400a5373054d5e7403b178aec0f
                                                                                      • Opcode Fuzzy Hash: e7f8ca9bb76b0694434036800c3f80ced199944f43c658c0503d432e44b82679
                                                                                      • Instruction Fuzzy Hash: B1014B74A10558CFDB14DF68C844B9DBBF2FB48304F6094EA950AAB399DB30AD81CF50
                                                                                      Function 0513B801 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 711480e88c3b4ca83857a008ede545a6228f73eab2b78f866d7a57ef82d43ebd
                                                                                      • Instruction ID: f8af8b4003aa1b4d1e061534b7ef219e0597b16235180c90dd0b68c4c058f151
                                                                                      • Opcode Fuzzy Hash: 711480e88c3b4ca83857a008ede545a6228f73eab2b78f866d7a57ef82d43ebd
                                                                                      • Instruction Fuzzy Hash: 0CF0E27490D284DFC715DB94D8A57FC7BB4FB46214F1A01CAC80A87692D3718E81CB00
                                                                                      Function 05042610 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a18fee23a4681ca80c4bef65144b1b412bb0b14c3f4408063b718ef47f1622ea
                                                                                      • Instruction ID: 3e0bec8a94be62442d9e88d2693354ee4529fb0ff0f2395b90de77211edc0394
                                                                                      • Opcode Fuzzy Hash: a18fee23a4681ca80c4bef65144b1b412bb0b14c3f4408063b718ef47f1622ea
                                                                                      • Instruction Fuzzy Hash: 6DF0DA79A05249EFCB01CF94D581AACBBB1FB59314F1095A5EC5997251C6318A13EF40
                                                                                      Function 051339B8 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5ff6c7189aaf5f0c76ad6ce5efeb61780db339aeaf2547fd41b3d59e184045c9
                                                                                      • Instruction ID: 77e27b67f548d11460a6b28bd841a2b59f467a31864f46fe7394894902893258
                                                                                      • Opcode Fuzzy Hash: 5ff6c7189aaf5f0c76ad6ce5efeb61780db339aeaf2547fd41b3d59e184045c9
                                                                                      • Instruction Fuzzy Hash: 43F05E353506009FC314DB19D458D2A77AAFFC9721B1040A9F9468B360CA31EC02CB90
                                                                                      Function 0504700F Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bfc46641eaea3bd23ba7ef57fd48e839e4533230cd9356850ffe6f75fa4f85e6
                                                                                      • Instruction ID: ebfcbefc67d1e4a1e7a77920a1b19400dc4f39aa79bcde9763593fb639e8bdd4
                                                                                      • Opcode Fuzzy Hash: bfc46641eaea3bd23ba7ef57fd48e839e4533230cd9356850ffe6f75fa4f85e6
                                                                                      • Instruction Fuzzy Hash: 8001DDB4A00118EFDB50CF68E994BADBBF6FB49300F1081A4E408E7341D770AE868F40
                                                                                      Function 0513FC38 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: acc6a035899df0673539bc7dc86efc78c579cddf756d7269a8040fbe9f13d72a
                                                                                      • Instruction ID: e66edc7b488b233cd38282ca1a2115b8630cf5d9c1eac08118a26886681290a8
                                                                                      • Opcode Fuzzy Hash: acc6a035899df0673539bc7dc86efc78c579cddf756d7269a8040fbe9f13d72a
                                                                                      • Instruction Fuzzy Hash: 23F0A771E68244DFC744EB94C493FEC7BF4EB01314F184598C80987251E735AA43DB41
                                                                                      Function 05137379 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 854a7f50175883d052b121e8cbe7d1fff2e499362efa6dc58b04c289f2cfead9
                                                                                      • Instruction ID: e122704dc7b8404ac0b7c4d1b142d965f8a6e9f165bb42451b74a37e21dec90d
                                                                                      • Opcode Fuzzy Hash: 854a7f50175883d052b121e8cbe7d1fff2e499362efa6dc58b04c289f2cfead9
                                                                                      • Instruction Fuzzy Hash: 72F055B370421487D7052528862FB7D2A8BCBD0201F05816B9814C72C2DFB88A0283A0
                                                                                      Function 05315216 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1b27ce84e68c35c1e04a9b7bdc20bda85253a95fc13b53fc62597b5be160e0e0
                                                                                      • Instruction ID: b6f841835318a97c66601cce2ca5e30282534240519d33146255ca625fc05fc2
                                                                                      • Opcode Fuzzy Hash: 1b27ce84e68c35c1e04a9b7bdc20bda85253a95fc13b53fc62597b5be160e0e0
                                                                                      • Instruction Fuzzy Hash: FF01E878945119DFCB68DF25C894AD9B7B6EF48300F2190E69809A3754DB34AE819F90
                                                                                      Function 050428F8 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bc2e10677c3fe2c992bd06ef358446f234b1fe0f9781790e53036f608484660e
                                                                                      • Instruction ID: 3128d72b649ce015e86142a8fb403d80d32e403f8bd2f8176df28862550fa460
                                                                                      • Opcode Fuzzy Hash: bc2e10677c3fe2c992bd06ef358446f234b1fe0f9781790e53036f608484660e
                                                                                      • Instruction Fuzzy Hash: 8EF05E78E08244AFC740CFA4D4866ACBFB4FB45200F00C1EAC84897252D6748E03CF41
                                                                                      Function 05156405 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fa996a68d3f39f284b2d9666fc3fe20804bccac01e3541857dd0ac62f74ab549
                                                                                      • Instruction ID: e2db7990705da588d031294e8c517842220b5831c93e13203894d20bc676f5ae
                                                                                      • Opcode Fuzzy Hash: fa996a68d3f39f284b2d9666fc3fe20804bccac01e3541857dd0ac62f74ab549
                                                                                      • Instruction Fuzzy Hash: EF01C4B4E00218DFDB18DF69D448BADB7F2FB49312F919065E419A7358DB389945CF40
                                                                                      Function 05158715 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9b256ec9e2a5a8c3d07e4fb879867eac2d4ce6221af1317daae85e683a85dcd6
                                                                                      • Instruction ID: 8a38e120c4bd23403bf08b9ac9679d7b9f28cb1544767e8122916b0ac5389407
                                                                                      • Opcode Fuzzy Hash: 9b256ec9e2a5a8c3d07e4fb879867eac2d4ce6221af1317daae85e683a85dcd6
                                                                                      • Instruction Fuzzy Hash: 4F01C474A06118DFDB50DF58D894B9CBBB2FB48300F2141A5E419A7388DB796D85CF05
                                                                                      Function 04F707E1 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7bcb3cfc33c1b2c9e23362633156c3f24b4802898d6affba995ff35ca0a554bf
                                                                                      • Instruction ID: 08132879a660b89da2dab780f7fcadd4f908530a27c0db09a444378a8dd07f46
                                                                                      • Opcode Fuzzy Hash: 7bcb3cfc33c1b2c9e23362633156c3f24b4802898d6affba995ff35ca0a554bf
                                                                                      • Instruction Fuzzy Hash: EFF06D7990C248AFC700DBA4D842ABDBF78EB46300F1481AAD8445B293D635AE43EB95
                                                                                      Function 0504B929 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 78eb024af7b314e46a3082b2bf4459258e0bea62f25b9e4b26711a7bf962324c
                                                                                      • Instruction ID: 5c288c9388bde2729c63ce9c2da99df15265916bd0a5c0f9722c7cb082eb42e1
                                                                                      • Opcode Fuzzy Hash: 78eb024af7b314e46a3082b2bf4459258e0bea62f25b9e4b26711a7bf962324c
                                                                                      • Instruction Fuzzy Hash: 6FF0B275944208AFDB85DFA8E841BADBBF5FB49310F10C1AAEC0992250D7399E52DF40
                                                                                      Function 0513B7B8 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07fa7be53e5b63033db126823d7e7a89f77a6c9efd7a4047fd4f4e98ad3d8ad7
                                                                                      • Instruction ID: e151945b6a1cc27d97f5ff6b966393837c322eee960e431d74eb00a1be3cb95c
                                                                                      • Opcode Fuzzy Hash: 07fa7be53e5b63033db126823d7e7a89f77a6c9efd7a4047fd4f4e98ad3d8ad7
                                                                                      • Instruction Fuzzy Hash: C2F08275D092489FC745DFA8C4956A87FB1FF45204F1546E9D80ACB391E7358E05CB41
                                                                                      Function 05158F43 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f87061539d2c7ab40a78f199bbd95721ca3e58a2e55b32908f6f0df510bc4bed
                                                                                      • Instruction ID: d3c3037e58cbc07fccae53d5971ec5d7fbea802b9b28b7d84663696f4420e0ae
                                                                                      • Opcode Fuzzy Hash: f87061539d2c7ab40a78f199bbd95721ca3e58a2e55b32908f6f0df510bc4bed
                                                                                      • Instruction Fuzzy Hash: 4C01D674A152298FDB64EF28D8507AEB7F2FB49300F2141E5A81DA3749DB356E85CF40
                                                                                      Function 050477B8 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3dd6196620089b8dcad08910a7a55e687131cad67a8bbea2a6e2d920ee972c93
                                                                                      • Instruction ID: 51d100ed41b0178765cbbd0d5de075243039f19ce566e150606830f92db815c9
                                                                                      • Opcode Fuzzy Hash: 3dd6196620089b8dcad08910a7a55e687131cad67a8bbea2a6e2d920ee972c93
                                                                                      • Instruction Fuzzy Hash: BCF0D479904208EFCB40CFA4D940BADBBB5FB48310F1081A9E81466211E7769E52DF40
                                                                                      Function 050427D0 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 013ba61072a38889209ba95a82d1cc3970ce9574faeee7fb02397f6ca9525fcb
                                                                                      • Instruction ID: 42946143829aff979758657a65400197f3d12915d4a52733f5385872e92e942f
                                                                                      • Opcode Fuzzy Hash: 013ba61072a38889209ba95a82d1cc3970ce9574faeee7fb02397f6ca9525fcb
                                                                                      • Instruction Fuzzy Hash: 55F015B9E0D248AFD700DBB4EA922ACBBB0EB45204F10C1EAD80997252D6319B43DB41
                                                                                      Function 050426A8 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ccd52522853ebc3bcc8c10dba3dcc3eb061acd4b59abb2fbcc15f397c80be60a
                                                                                      • Instruction ID: f96b56d1a0e38e72a91e2d42d7832819e7f7a8097c35887af959792a65c3519c
                                                                                      • Opcode Fuzzy Hash: ccd52522853ebc3bcc8c10dba3dcc3eb061acd4b59abb2fbcc15f397c80be60a
                                                                                      • Instruction Fuzzy Hash: 76F0E53D219148EFC706CF50D841AACBF36FB1A314F148699EC49471A3CA328E53DB40
                                                                                      Function 0504193A Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 840b535a4c34dab6c141a0685546872dd04c84aac9c03280bd505e00773a6c38
                                                                                      • Instruction ID: 6b2467e9bc7b1089693a01071e3b7782a9b38fb8a9910ea49411a71a28592dd0
                                                                                      • Opcode Fuzzy Hash: 840b535a4c34dab6c141a0685546872dd04c84aac9c03280bd505e00773a6c38
                                                                                      • Instruction Fuzzy Hash: F0F0F8B4D09244DFCB84DBA894512ACBFF1EB4A200F1481EAC848E3252D2354A42DB01
                                                                                      Function 0504AB60 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 718a541364df0ed2ed05d446dfd5c18a5c0f61f9ebe2d291bebfa75b8a7c3835
                                                                                      • Instruction ID: 4cee385119bbe43f387a3a1e472c2a9b327650586d00ddf57548c8b633714e6e
                                                                                      • Opcode Fuzzy Hash: 718a541364df0ed2ed05d446dfd5c18a5c0f61f9ebe2d291bebfa75b8a7c3835
                                                                                      • Instruction Fuzzy Hash: 45F0DAB4D44208EFD780DFA8E440BADBBF5FB48310F10C2AA980892251D7755E41DF40
                                                                                      Function 0513F1F0 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 91fe37731973feee6deabfe80cb8ad33ded130317bac8e9cf23b81f288b07262
                                                                                      • Instruction ID: 25e772e8c613aab0e0b422bbaca93f50137a4c8c9a14b4edd8c14afba4bfabd3
                                                                                      • Opcode Fuzzy Hash: 91fe37731973feee6deabfe80cb8ad33ded130317bac8e9cf23b81f288b07262
                                                                                      • Instruction Fuzzy Hash: F6F05E79D08248EFCB41CFA4D8516ACBFB0BB4A300F1581D6D84897252C7359E56DB51
                                                                                      Function 0513F26F Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b9532a256298cf62bf458acdc623c9b8bde8dbf88bb6f4ce274405316df632d6
                                                                                      • Instruction ID: fe4070b5334fb7400c2fec2033b7f06515f3e7c6232a25e7bc41e81039ba0c8e
                                                                                      • Opcode Fuzzy Hash: b9532a256298cf62bf458acdc623c9b8bde8dbf88bb6f4ce274405316df632d6
                                                                                      • Instruction Fuzzy Hash: A2F05838904208EFCB40CF98D841AACBBB4BB48200F6082A9A84997341C731EA52DB80
                                                                                      Function 0515DB9F Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d4e47ddb791612e00a6b0c2c186f3879451938acddc3a84cf1beb98322b961e3
                                                                                      • Instruction ID: 76005c681ba2d79ee7d36e1c8478d0a25c7f3f36fbea87ec1f47d190c6ef6b0a
                                                                                      • Opcode Fuzzy Hash: d4e47ddb791612e00a6b0c2c186f3879451938acddc3a84cf1beb98322b961e3
                                                                                      • Instruction Fuzzy Hash: ABF08231A04309DFDB19CFA4D0997DC7FB6AB45211F18C0A9D00697680DB380682CB44
                                                                                      Function 05042130 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 036c359a9197717f5990fafd47f86ee8339f8f4b730dd284779bd03efda337f1
                                                                                      • Instruction ID: b8d199f895b15488d04681a866b290cc0a10738e136e4f1e3381ee8e6b7bab54
                                                                                      • Opcode Fuzzy Hash: 036c359a9197717f5990fafd47f86ee8339f8f4b730dd284779bd03efda337f1
                                                                                      • Instruction Fuzzy Hash: 48F0DA79904208EFCB41DF94D841A9DBBB5FB48300F14C1A9AD1992321D7329A61EF40
                                                                                      Function 05047988 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53b3397879ee99ec773cc431c185706b516fcd00debcdc0c28209bb59d6988f3
                                                                                      • Instruction ID: 290fdf8d0d54741cefa58e842cf323f3f8e428e6ec28ebbb388f05e57c810ea6
                                                                                      • Opcode Fuzzy Hash: 53b3397879ee99ec773cc431c185706b516fcd00debcdc0c28209bb59d6988f3
                                                                                      • Instruction Fuzzy Hash: A7F017B4905118EFCB40CF88E880EEE77BAFB09300F008165F5099B255CB34AA85DF50
                                                                                      Function 05043280 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73592e159adb69545bf5d0f01011b5bb4c18d99b64543f1e0f159257c323b014
                                                                                      • Instruction ID: 8867545204039ba2dad476512c2a2d9311d6c84dcef5faf415dceef5d9a28aff
                                                                                      • Opcode Fuzzy Hash: 73592e159adb69545bf5d0f01011b5bb4c18d99b64543f1e0f159257c323b014
                                                                                      • Instruction Fuzzy Hash: BFF01C79A00248EFCB44CF94DA40BACBBB1FB49310F10D699E81993261C7328E51EF44
                                                                                      Function 0513CC58 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb1eb749394b155ef30cc570b26aa92285f11c579f76f1a639b1319a5350a99a
                                                                                      • Instruction ID: e1ab443f18d9bbf2fba7be0c4558ade603f076b4b825c8549fd5ae47e9e03ec2
                                                                                      • Opcode Fuzzy Hash: cb1eb749394b155ef30cc570b26aa92285f11c579f76f1a639b1319a5350a99a
                                                                                      • Instruction Fuzzy Hash: 0EE0DFB050A240AFC302CBE098916E67F39AB06224F09458AD80997662E7614E02C380
                                                                                      Function 0513E9D2 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2bd9e38b4cbd47d964661278bd296b6b53fe4ff13b3222be88f78ada021b6cef
                                                                                      • Instruction ID: 33f3f4ce489a7381158da830f75855a66566ad83e6ebf17940833d0928fa4c80
                                                                                      • Opcode Fuzzy Hash: 2bd9e38b4cbd47d964661278bd296b6b53fe4ff13b3222be88f78ada021b6cef
                                                                                      • Instruction Fuzzy Hash: F6F05874D08388AFC740DBA8D8552ACBBB4BB49200F0482DAC849D3342E2359E06DB51
                                                                                      Function 0513B9E0 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62540ab2920e0c791a6594b57efc8f5f9462541bf07505a56a358214b77254e9
                                                                                      • Instruction ID: 2539fe77ff64e80460dfe22b420d5ee63c1a76819d4e5e16b6bdb3dce6edf9aa
                                                                                      • Opcode Fuzzy Hash: 62540ab2920e0c791a6594b57efc8f5f9462541bf07505a56a358214b77254e9
                                                                                      • Instruction Fuzzy Hash: 4AF0A07480D288AFD705CBA4D8512ACBFB4BB46205F1581DACC4497382D7359E06CB91
                                                                                      Function 05157418 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9013908e61ab0776eca1dcb31ff8424218a237d107d967b6f54b5a9bf8f75df3
                                                                                      • Instruction ID: 360ce21895ce7c8cecba9ba2a5573dd6307c27dd032d7c65cd25f2d359e204b3
                                                                                      • Opcode Fuzzy Hash: 9013908e61ab0776eca1dcb31ff8424218a237d107d967b6f54b5a9bf8f75df3
                                                                                      • Instruction Fuzzy Hash: C6F0D475D04208EFCB44DFA8D441BADBBF5FB48210F10C1AA981992351E7759E92DB41
                                                                                      Function 051561C9 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0ba3699d347b728877ffc322f752a34f85c1b77814050fc71c5b1ebf50d0e45a
                                                                                      • Instruction ID: 4fca3d02f050ac6da45e4b50dbb3238e1351864d9e6869718487c6205ad1c321
                                                                                      • Opcode Fuzzy Hash: 0ba3699d347b728877ffc322f752a34f85c1b77814050fc71c5b1ebf50d0e45a
                                                                                      • Instruction Fuzzy Hash: 84F03774A04208DFDB14DF59D444B99B7F2FB49311F5180A9E41CA3368D730AC80CF41
                                                                                      Function 051592CE Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 38c881678505abcb94567aa5622a7e3093a4175bf0b3aeb779af2359774e33ef
                                                                                      • Instruction ID: 30eca4daa880b61dce6d2147bbc8df70969b3c3ad5869fe306f8a90991025c19
                                                                                      • Opcode Fuzzy Hash: 38c881678505abcb94567aa5622a7e3093a4175bf0b3aeb779af2359774e33ef
                                                                                      • Instruction Fuzzy Hash: 38F03774A00218DFDB10EF68E49479CBBB2FB88321F2041A9E50AA3345DB356D84CF05
                                                                                      Function 0515A820 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4be5c72863611d6fc5cde5dc260b2c699f5945e7bbd7265c91cf5a81bad792b8
                                                                                      • Instruction ID: 13610fc3fc05ed04641b42fe80a081868ee95c3b4a6ea2985105b9f185083da7
                                                                                      • Opcode Fuzzy Hash: 4be5c72863611d6fc5cde5dc260b2c699f5945e7bbd7265c91cf5a81bad792b8
                                                                                      • Instruction Fuzzy Hash: 4AF0F874D44208EFD744DBA8D8857ADBBF4FB48215F14C2AD985897301D7359E02DB40
                                                                                      Function 05158868 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd08079c606c6aeab843dcad06d8fa796d8bb1f75fd1a9526d55ea440e804b05
                                                                                      • Instruction ID: 80de72ae3b3f2f74d7102df7a9971619c8eafc6d3b33010e885b2ff52f11c94b
                                                                                      • Opcode Fuzzy Hash: cd08079c606c6aeab843dcad06d8fa796d8bb1f75fd1a9526d55ea440e804b05
                                                                                      • Instruction Fuzzy Hash: F6F01D74909208DFDB60DF68D098BACBBB2FB49310F605195E429A3385CB795CC9CF06
                                                                                      Function 04F73898 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73b5029ca36f41d070b41346dacea277ae51fae3749737cc1a223005ff16eca9
                                                                                      • Instruction ID: 786cf33a1decd07cd0b69eb3415c6f9eabf820aa8e4f1b49c6c3b74e4eec6914
                                                                                      • Opcode Fuzzy Hash: 73b5029ca36f41d070b41346dacea277ae51fae3749737cc1a223005ff16eca9
                                                                                      • Instruction Fuzzy Hash: 4FF0F875D04248AFCB80DFA8C840AADBBF8BB49200F14C1AAAC58D3241D6399A51EF51
                                                                                      Function 050467EB Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70062f2de525f24712ddd0b683187f912fcce58c0d14a476c4fc7ddea4c8dc44
                                                                                      • Instruction ID: 3a25c94c7b1f725e840c84cd5b61c4a4339e6ed65ef59c93e97708df71d2459d
                                                                                      • Opcode Fuzzy Hash: 70062f2de525f24712ddd0b683187f912fcce58c0d14a476c4fc7ddea4c8dc44
                                                                                      • Instruction Fuzzy Hash: BAF0C975D05208AFDB44DFA8D8417ADBBF4FB4A204F14C2AD9809E7352D6369E42DF41
                                                                                      Function 0504B0AE Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6da437daaa40a597113f08fa222d610b90b4d01482d3e10c5cf5751015a8d4e1
                                                                                      • Instruction ID: 429048d881a5abc1e6590975537ae6b955f0a2c453c3b8b45b3c7a5c4dc54155
                                                                                      • Opcode Fuzzy Hash: 6da437daaa40a597113f08fa222d610b90b4d01482d3e10c5cf5751015a8d4e1
                                                                                      • Instruction Fuzzy Hash: 00F0F974A09658CFCF40DF64D898AAD7BF2BB09305F1950B9E009AB256C7799845CF09
                                                                                      Function 0504BB03 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed69e1b27c3c0699755d925150cf9330db8c776a6ceebd42d3d1591fe821fb5a
                                                                                      • Instruction ID: fe826ecbf9e74795c4661cfe8fbe6fc4bc1d2e1477bd33ddf2054e1051801750
                                                                                      • Opcode Fuzzy Hash: ed69e1b27c3c0699755d925150cf9330db8c776a6ceebd42d3d1591fe821fb5a
                                                                                      • Instruction Fuzzy Hash: 2EF0F2B9D04208EFCB84DFA8D840BADBBF4FB48300F10C1AA981893350D6759E51DF80
                                                                                      Function 0513F7F0 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5d5585632f56d86514a3174abd5e75f06fa075964d0ca2f766b4572c95acc664
                                                                                      • Instruction ID: 73ac53a746b2b7276337f52b1f3df077728ba37236d20a4f9169dfd108012cf7
                                                                                      • Opcode Fuzzy Hash: 5d5585632f56d86514a3174abd5e75f06fa075964d0ca2f766b4572c95acc664
                                                                                      • Instruction Fuzzy Hash: 95F0F478A01118CFCB24DF64C945BECBBF2EB48300F1081AAA809A7381C7B49E82CF40
                                                                                      Function 0513E392 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 96c1e973dbf5eb98dfab2ce2f874aa39c9617d2829828062c601f910a1f3223c
                                                                                      • Instruction ID: 4d1a13abe4c3c93717d2b1412de1d1f086e1dccde924768f92cff1707e394bba
                                                                                      • Opcode Fuzzy Hash: 96c1e973dbf5eb98dfab2ce2f874aa39c9617d2829828062c601f910a1f3223c
                                                                                      • Instruction Fuzzy Hash: 5CF06D74909288EFCB05CF94CA517ACBBB1FB4A200F5582D6C82A873A2C7318F02DF40
                                                                                      Function 0513CB90 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 75214122047351db42abba7cfcdf6f64379e3f630142e7d3cfae480980b6bd1b
                                                                                      • Instruction ID: 30bb0cc16161d23741f7b8502e2a7d04aab5011216bac92251fb9906138148c9
                                                                                      • Opcode Fuzzy Hash: 75214122047351db42abba7cfcdf6f64379e3f630142e7d3cfae480980b6bd1b
                                                                                      • Instruction Fuzzy Hash: 4DF08C70C092889FC701CBA4C4912ACBFB0BB4A204F1582EAC84593392C3355E01DB80
                                                                                      Function 0515879E Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1b5ae243c3722d83e604f0d0ea95a5d6cd33f74f0b8211763a673daf4eac970
                                                                                      • Instruction ID: b5cb4130bb045001c95829e6328867448d481c1682e984b619cb01f5c03b9d29
                                                                                      • Opcode Fuzzy Hash: b1b5ae243c3722d83e604f0d0ea95a5d6cd33f74f0b8211763a673daf4eac970
                                                                                      • Instruction Fuzzy Hash: 4FF04434910258DFDB10DF68E498BACBBF2FB49305F2005A9E41AA3385DB78AD84CF05
                                                                                      Function 05159184 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f336132db2f8c69bfd87485a8746de4d91c2900df9f9cfd347e668efcc2eb694
                                                                                      • Instruction ID: 065f2045717de40daac5560f77e6ebc6324cb15c61ed5343285aa985b5edfee7
                                                                                      • Opcode Fuzzy Hash: f336132db2f8c69bfd87485a8746de4d91c2900df9f9cfd347e668efcc2eb694
                                                                                      • Instruction Fuzzy Hash: A8F0E774905258DFDB14DF68E4A479DB7B2FB44305F500195E41AA3384CB796D84CF06
                                                                                      Function 05157C70 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cdb5d2e7f597277bd941128e9ba8a65629516f45ac5e853eb7978f1f738fa045
                                                                                      • Instruction ID: 014b360f32bac8ff8326e3a7cfd13b865716d4bc224f2acc9ed835ae386028f6
                                                                                      • Opcode Fuzzy Hash: cdb5d2e7f597277bd941128e9ba8a65629516f45ac5e853eb7978f1f738fa045
                                                                                      • Instruction Fuzzy Hash: 21F0F874D05208EFCB84EFA8D5417ACB7F5FB88210F1086AA982993341E7356E41DB41
                                                                                      Function 05158981 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72574dbcd77f4577665489d9eacc0d1bfed336975f04bea71ee3611a7abcbbb7
                                                                                      • Instruction ID: 0e52661b4322288f7be27564d9e684f719a56959a51a40970425742e5447ac0a
                                                                                      • Opcode Fuzzy Hash: 72574dbcd77f4577665489d9eacc0d1bfed336975f04bea71ee3611a7abcbbb7
                                                                                      • Instruction Fuzzy Hash: B7F0C474910158DFDB11DF68E494BA8B7B2FB49311F6040EAE849A3345CBB9AEC4CF05
                                                                                      Function 05158B08 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59fcefb79c0f6a84709cba63701ef1437aac3d04c3166fa80c8eb206d40b38f3
                                                                                      • Instruction ID: 5edec78248ee17f2f65df9eaaa507dd5c4cfa04a85e37e5bfc2b821b4157b1c3
                                                                                      • Opcode Fuzzy Hash: 59fcefb79c0f6a84709cba63701ef1437aac3d04c3166fa80c8eb206d40b38f3
                                                                                      • Instruction Fuzzy Hash: 05F06D34A05118DFDB10DF58E894B9DBBB2FB44311F1000A9E819A3388CB396E88CF01
                                                                                      Function 05159AA8 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35e2f4d83b758332d23a3c4aeaa227dde133926a96c253513a9c2136e1b8f254
                                                                                      • Instruction ID: 57a8649b301a062d06714503664f2cc2a840d964f13e91d06d901764761d7c44
                                                                                      • Opcode Fuzzy Hash: 35e2f4d83b758332d23a3c4aeaa227dde133926a96c253513a9c2136e1b8f254
                                                                                      • Instruction Fuzzy Hash: 75F0F275E04208DFCB94DFA8D485BADBBF0FB4A210F1881AAC819A3715D3359A12DB41
                                                                                      Function 04F76141 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3908d6d577d30660e249923bc5114d2c48afce6f1c6b23ca095bf32b364fbcb1
                                                                                      • Instruction ID: 6fe454b9fb6aa89878a66e162d949dec4c1afc0fb639b6a06d05728e9eac137b
                                                                                      • Opcode Fuzzy Hash: 3908d6d577d30660e249923bc5114d2c48afce6f1c6b23ca095bf32b364fbcb1
                                                                                      • Instruction Fuzzy Hash: CFF08CB8D08208AFC704CF94C4446ADBBB0AB48300F1081AAD80453242D635AA52EB80
                                                                                      Function 05048DB9 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 83b1db8b88db20599aba9e47b745cf992b8363bd1be23883ca8175afc2658ddc
                                                                                      • Instruction ID: dc18868afb393a43ac8c837064894d6e30b28e7bf2311b11409344700a671305
                                                                                      • Opcode Fuzzy Hash: 83b1db8b88db20599aba9e47b745cf992b8363bd1be23883ca8175afc2658ddc
                                                                                      • Instruction Fuzzy Hash: D9F03939908108EFCB00DF94E850BADBFB1FB59311F24C2A9EC0856220C3329A62EB50
                                                                                      Function 0504545A Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad2a8e4ffcb891c07fdbd28c17af6c0e245b55501098cddf73e29b90fb0968e8
                                                                                      • Instruction ID: 15d7113f4e48342908df2a15fa8aced97a55076faf76e34ae174b5906965575e
                                                                                      • Opcode Fuzzy Hash: ad2a8e4ffcb891c07fdbd28c17af6c0e245b55501098cddf73e29b90fb0968e8
                                                                                      • Instruction Fuzzy Hash: 14F0F4B4904628EFDB40EF98F888BAD77B2FB45715F145169E008A7388CB78B8458F50
                                                                                      Function 0504FF78 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3ba940a6ec0da1390fcffc40fa50e70f8aab63e3781e874cce399156f5e77dd7
                                                                                      • Instruction ID: 7778d08a5e36df01a0cb28482f96002a1d8356285c32dc4cf0e045c3038ecaac
                                                                                      • Opcode Fuzzy Hash: 3ba940a6ec0da1390fcffc40fa50e70f8aab63e3781e874cce399156f5e77dd7
                                                                                      • Instruction Fuzzy Hash: 9FE012313002169BC7149A1AE885C4FFF9ADFC0365710953DA10A87525DEB4AD4686D0
                                                                                      Function 05048669 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9105d7bf3b97b159bf651078dcb36ee17c921a0f1619ed160fd86227fe8f91d3
                                                                                      • Instruction ID: d7972e281fe703dba4d20751caeb90d075d18dee3106cf0cf72a9f3bbf8c03e2
                                                                                      • Opcode Fuzzy Hash: 9105d7bf3b97b159bf651078dcb36ee17c921a0f1619ed160fd86227fe8f91d3
                                                                                      • Instruction Fuzzy Hash: 93E092B8808214EFC740CFA4E881BBDBBB5FB45314F10C6A9D91957391D7318E42DB80
                                                                                      Function 05042A28 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 60110aa7e8fcc1b0604de2df55ba584e437f4ac8bebfcb91774494d93314b75d
                                                                                      • Instruction ID: 6d411156dbf7e5e58f1652959e1e15e9c2817f505e5e508cd3f4bb77b81434fe
                                                                                      • Opcode Fuzzy Hash: 60110aa7e8fcc1b0604de2df55ba584e437f4ac8bebfcb91774494d93314b75d
                                                                                      • Instruction Fuzzy Hash: B9E06D79A05208EBD750DFA4E8417ADBBB4FB55314F1081A9EC0463311D7319E92EB40
                                                                                      Function 0513E060 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7cc03da101cb1bf086b4b88be43455b98ec704e9d3b43dd7d85deefeb56ce38
                                                                                      • Instruction ID: 557200d35243b5c66d53dc3195a941b73af5b34fcc99ebd4d2b23d675469edd4
                                                                                      • Opcode Fuzzy Hash: d7cc03da101cb1bf086b4b88be43455b98ec704e9d3b43dd7d85deefeb56ce38
                                                                                      • Instruction Fuzzy Hash: 4AF03974908248EFCB44CFA8C851BADBBF9BB49200F14C29AEC5893341C7319A51EF50
                                                                                      Function 0513C8A8 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 56fed4d99f81ce0ed18920dae48df3e113de72d44440f74f5f9a6347a24bee43
                                                                                      • Instruction ID: 473e7c375842c82c282e506db3c19d75f49d2c20e251ca3da7a6940902d22598
                                                                                      • Opcode Fuzzy Hash: 56fed4d99f81ce0ed18920dae48df3e113de72d44440f74f5f9a6347a24bee43
                                                                                      • Instruction Fuzzy Hash: DEE06D7580E2489FC705DBA0E9566A9BF75BF46204F1941DAC80477392C731AF06D791
                                                                                      Function 05159420 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7872921c2c59007465d91e21da86dcd7c053774753dbb4d095e948a95dc8dddd
                                                                                      • Instruction ID: 65f9ad05af1b8c6f9cef60767e178837ac0ecce073d0a050ae66a6ff5f0c21f3
                                                                                      • Opcode Fuzzy Hash: 7872921c2c59007465d91e21da86dcd7c053774753dbb4d095e948a95dc8dddd
                                                                                      • Instruction Fuzzy Hash: 99E06D75904208EFC740DFA8D9817A8B7F4FB08201F148198CC08C7300E7719E41DB41
                                                                                      Function 04F75F69 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ecc0612b3083f9ce6333f7873e90d47a8fe6b8e9ab3a92c53d682513a117f954
                                                                                      • Instruction ID: 12d8b78bc007196fafbd93f5d1efeb5bb1bca2d83443fa7d3105cadff42d93cb
                                                                                      • Opcode Fuzzy Hash: ecc0612b3083f9ce6333f7873e90d47a8fe6b8e9ab3a92c53d682513a117f954
                                                                                      • Instruction Fuzzy Hash: C5F015B4A19688DFC740DF78C45979C7FB0BB0A201F5105D6DA05C7662D2349A84CB01
                                                                                      Function 05046531 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a765c0e89699a2fcb6c3ecb8e40c5c4b71d525d77908fc4568051955f2edcba
                                                                                      • Instruction ID: 5b168bb4e9b0751c27e4a2774ec22266c8e03c1df4993dca4a90f1a7d7be26ff
                                                                                      • Opcode Fuzzy Hash: 1a765c0e89699a2fcb6c3ecb8e40c5c4b71d525d77908fc4568051955f2edcba
                                                                                      • Instruction Fuzzy Hash: 4CF0A0B4A04285AFCB45CFA8D44066CBFB1FB46310F508699C85A97292D7729A42DF45
                                                                                      Function 05043C28 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fd7a0282a190d2d50c162057532f9bd1865d23b37d476dc09123b3c050e3ac90
                                                                                      • Instruction ID: 4958ee95955a3f71697f07b404bf38be8b8eac985132e3263d95aa3874bad953
                                                                                      • Opcode Fuzzy Hash: fd7a0282a190d2d50c162057532f9bd1865d23b37d476dc09123b3c050e3ac90
                                                                                      • Instruction Fuzzy Hash: 1AF03974D08258AFCB40CFA4E4503ACBBF4FB45210F1482AAD84993341D7356E41DF40
                                                                                      Function 0504B938 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f218dd0029ab65dd19958217edfdf848bff0efb69f63ba7bba5b1716105cfed9
                                                                                      • Instruction ID: 36c088670c8c37a198c2a4612005a0570fc59f7a8d3a32c372122a04e35c4cdd
                                                                                      • Opcode Fuzzy Hash: f218dd0029ab65dd19958217edfdf848bff0efb69f63ba7bba5b1716105cfed9
                                                                                      • Instruction Fuzzy Hash: 1BF09279904208AFCB95DFA8D840AADBBB5FB48300F10C1AA9C1993351D6359A51EF40
                                                                                      Function 05042258 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 972e41c6a12e703444d96313ce8c551e4ffe4c5d2b4ac4c681e1eec6981c3056
                                                                                      • Instruction ID: 0dbe307369634fcff31fdf33a910beded8aeb8304e4c0d0ccc9ed731fbca2302
                                                                                      • Opcode Fuzzy Hash: 972e41c6a12e703444d96313ce8c551e4ffe4c5d2b4ac4c681e1eec6981c3056
                                                                                      • Instruction Fuzzy Hash: 43E02278608286AFC305CB10E58566C7F31FB56314F0087A8C8454B293CA328E03DA40
                                                                                      Function 0513DC20 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5185897010e224beee146d43345682b8552b9434acc2516207f64c44ac89cb8f
                                                                                      • Instruction ID: ff70bbfa2daa06dae49ab16eb1e2059769dfed6e32d76f29f4b191e3840503e7
                                                                                      • Opcode Fuzzy Hash: 5185897010e224beee146d43345682b8552b9434acc2516207f64c44ac89cb8f
                                                                                      • Instruction Fuzzy Hash: 7CF0397560C2808FC766D7A8D8926A87FF0AB46124B1947CAC8A59B2E3D7758E43D702
                                                                                      Function 05156325 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e8024f9d0b4a55944fc344ff0a58f4e5aa44b92de531a1cb82083845e6c9c3dc
                                                                                      • Instruction ID: 574aeb359df9d9273ae7a8b515b7d53fd80402c6d2ec217ed34be6c0ecb6235d
                                                                                      • Opcode Fuzzy Hash: e8024f9d0b4a55944fc344ff0a58f4e5aa44b92de531a1cb82083845e6c9c3dc
                                                                                      • Instruction Fuzzy Hash: 7CF0F474E10218CFDB64CF68D884B9CB7B2FB09311F5041A9E418A3355CB34AD85CF40
                                                                                      Function 05156D51 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 66ef30828407b628a13e5d00074df3b9c9fcff9691581faa11d58e9bf60e13e7
                                                                                      • Instruction ID: 784e797d7f6e9029660a22817b8796e639a2ce0fedb9d44b7be1bb66fbc617cf
                                                                                      • Opcode Fuzzy Hash: 66ef30828407b628a13e5d00074df3b9c9fcff9691581faa11d58e9bf60e13e7
                                                                                      • Instruction Fuzzy Hash: 6CF0BE38A04284EFCB15CF54C840A9CFFB1FB46320F50828ADCA48B291C3318E42DB41
                                                                                      Function 05156D60 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 86cb4f4dbfd3ff1c39b1b870ab0e2761c15676d85afeee784bcc318768a859c5
                                                                                      • Instruction ID: 87696fea20d1372f28ac6da442510f0e903eae2241a7e460b6f6a0c38af1ecc7
                                                                                      • Opcode Fuzzy Hash: 86cb4f4dbfd3ff1c39b1b870ab0e2761c15676d85afeee784bcc318768a859c5
                                                                                      • Instruction Fuzzy Hash: B0F01538D04208EFCB94DFA8C840AACFBB5FB48310F50C1AA9C5893310D7319A51DF80
                                                                                      Function 05154A31 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e117f29f6924f1dead9780997d8ef961ccc38b786e64e6dc7fc412f8fc67b2f
                                                                                      • Instruction ID: 4bf5788a97dcdeb73fcc0ca620255f887dcc8e6711ba4106ca8dbc5c5fcd1212
                                                                                      • Opcode Fuzzy Hash: 6e117f29f6924f1dead9780997d8ef961ccc38b786e64e6dc7fc412f8fc67b2f
                                                                                      • Instruction Fuzzy Hash: 75F0AE74E04208EFCB84DFA8D9417A8B7B4FB49214F10C2AA982997351E7719E46DB84
                                                                                      Function 05046540 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction ID: 02703f0de69fb3e8de25e754b699cc607128ff3202700837ad08847c5f8a4494
                                                                                      • Opcode Fuzzy Hash: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction Fuzzy Hash: AEE0C9B4D04248EFCB84DFA8D4446ADBBF5FB49300F50C1A9981993355D7329E51DF40
                                                                                      Function 05042408 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb6c7bc3b8a3a334c41964ad06d50185f1b61d8332fea101851cfdd136a1ad37
                                                                                      • Instruction ID: 97f3abdbdc3d6f547485ee7a6711f97f0747f89dc416a0d241f2ad48eedf01f8
                                                                                      • Opcode Fuzzy Hash: cb6c7bc3b8a3a334c41964ad06d50185f1b61d8332fea101851cfdd136a1ad37
                                                                                      • Instruction Fuzzy Hash: 28E0227834A285AFC705CB10D4806AC7F32FB56304F488698DC4947292CA324D03CA44
                                                                                      Function 05041C57 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81471981c3e46452d019c133c8d8204b254bf488b27168c9fddb53f45dd870a5
                                                                                      • Instruction ID: f9d2a6e6ae45ec05e577b1076d403db4a288d303fcc7eb261273932e21a63ff6
                                                                                      • Opcode Fuzzy Hash: 81471981c3e46452d019c133c8d8204b254bf488b27168c9fddb53f45dd870a5
                                                                                      • Instruction Fuzzy Hash: 1FF0ACB4A156188FCB44DFA8D595AAEB7F1EF89300F215129D50AEB388D770AD82CF50
                                                                                      Function 0504261F Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6661957bbc47785161bd3278dd3ff536aa5951313df69a321cf672556a3b6abc
                                                                                      • Instruction ID: 9a78a8fb9bf34d310075b68649c865a2c2e79ca7e8930c1f596035b85bef3f7c
                                                                                      • Opcode Fuzzy Hash: 6661957bbc47785161bd3278dd3ff536aa5951313df69a321cf672556a3b6abc
                                                                                      • Instruction Fuzzy Hash: 30F0ED79904208EFCB44DF94D840AACBBB1FB49310F10C1A9EC1997351C7329E52EF40
                                                                                      Function 05041E93 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7257b6d6862d62545f1db9f27643423442d3dfb9d61919533cc94af103d8058
                                                                                      • Instruction ID: b58ee26ba566ac9ce21b71097d0d6a33237d4f4a38d4ce32eb0b7f16631333ef
                                                                                      • Opcode Fuzzy Hash: d7257b6d6862d62545f1db9f27643423442d3dfb9d61919533cc94af103d8058
                                                                                      • Instruction Fuzzy Hash: 0FF01CB4A15608CFCB44DFA8D191AAEB7F1EF48300F20002AD50AE7388D770AD82CF40
                                                                                      Function 05041E9F Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da6c210a420ffb0f69eec60481df2494824db8d5c7a1034fd9d2af41a1e3b353
                                                                                      • Instruction ID: b58ee26ba566ac9ce21b71097d0d6a33237d4f4a38d4ce32eb0b7f16631333ef
                                                                                      • Opcode Fuzzy Hash: da6c210a420ffb0f69eec60481df2494824db8d5c7a1034fd9d2af41a1e3b353
                                                                                      • Instruction Fuzzy Hash: 0FF01CB4A15608CFCB44DFA8D191AAEB7F1EF48300F20002AD50AE7388D770AD82CF40
                                                                                      Function 05041E99 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e51009989ecdbf18e3c8dbd1b8efa9f0713ab8dd52aefd7496a1b0b8e84b9ca
                                                                                      • Instruction ID: b58ee26ba566ac9ce21b71097d0d6a33237d4f4a38d4ce32eb0b7f16631333ef
                                                                                      • Opcode Fuzzy Hash: 9e51009989ecdbf18e3c8dbd1b8efa9f0713ab8dd52aefd7496a1b0b8e84b9ca
                                                                                      • Instruction Fuzzy Hash: 0FF01CB4A15608CFCB44DFA8D191AAEB7F1EF48300F20002AD50AE7388D770AD82CF40
                                                                                      Function 0504BB10 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction ID: 5124470c75f0a798b864095345e5dd62a2bb7e69ffea1d61f5c83a72009bc4bb
                                                                                      • Opcode Fuzzy Hash: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction Fuzzy Hash: 32E0AEB8E04208AFCB84DFA8D844AADBBF5BB48300F10C1AA9819A3351D6719A51DF80
                                                                                      Function 0504AB70 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction ID: 94f72c74de72a3e399f751e1fe34d32704a14e48ebe2f9f8df278318a856a512
                                                                                      • Opcode Fuzzy Hash: 9e87bd57ed32640225e8917ae3baa9e9f3ab270e83c184fe53ef789b416d73ff
                                                                                      • Instruction Fuzzy Hash: 5DE0C9B8E04208EFCB84DFA8D440AADBBF6FB48310F10C1A9981993351D7359E51DF80
                                                                                      Function 05041A04 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 40c35c33025ad77dd26f6121ccf7f35a581b784a47d291bc57431a0fbe8c4874
                                                                                      • Instruction ID: f9d2a6e6ae45ec05e577b1076d403db4a288d303fcc7eb261273932e21a63ff6
                                                                                      • Opcode Fuzzy Hash: 40c35c33025ad77dd26f6121ccf7f35a581b784a47d291bc57431a0fbe8c4874
                                                                                      • Instruction Fuzzy Hash: 1FF0ACB4A156188FCB44DFA8D595AAEB7F1EF89300F215129D50AEB388D770AD82CF50
                                                                                      Function 0532D9D8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction ID: 94f9bae012b74112463841b89ad734b72efde1b30dd090cc67646b497a799585
                                                                                      • Opcode Fuzzy Hash: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction Fuzzy Hash: EEE0C974D04208EFCB44DFA8D4406ADBBF5FB48300F10C6A99C0A97351D7719A52DF40
                                                                                      Function 053120E2 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc3c1e7309ec8a6e27e0301cf3790d2317ee5413d6da1f6cd7e7a9ca4fede1a1
                                                                                      • Instruction ID: 2798f5236c2fa7aa26b19ddf84e533e34bce000016b5ecb84a20627935b1fbcf
                                                                                      • Opcode Fuzzy Hash: fc3c1e7309ec8a6e27e0301cf3790d2317ee5413d6da1f6cd7e7a9ca4fede1a1
                                                                                      • Instruction Fuzzy Hash: 4FF03A74601228CFCB24EF58DC94A8AB7B6FB48301F0191E6E51DA3348CB346E818F50
                                                                                      Function 0532DCE8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction ID: bc7483a507ed03317e32ed3ed8f1c656a3214a9357c564e013a39fa9062f1b39
                                                                                      • Opcode Fuzzy Hash: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction Fuzzy Hash: CCE0C974D04608EFCB44DFA8D4406ADBBF5FB88301F10C5A9980993351D7719A52DF40
                                                                                      Function 0532BF88 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction ID: ff2bfb4a1995c24ec333d224131e2c6c191fd58bb0fb08349691a607ca4dd9d9
                                                                                      • Opcode Fuzzy Hash: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction Fuzzy Hash: EEE0C278E08208EFCB44DFA8D850AADFBF5FB48300F10C1AA9819A3351D7719A51DF90
                                                                                      Function 05325EB8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction ID: 5ba87e8d14c58605e76a221a82872581600976caaf5e215ed26180e4ebfb1915
                                                                                      • Opcode Fuzzy Hash: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction Fuzzy Hash: 8AE0C278E05208EFCB54DFA8D941AADBBF9FB48300F20C1AA9809A7351D7719B51DF80
                                                                                      Function 0532AAA0 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction ID: 2035e0305ef270a1322fcfdd407a9cc1b9bce0c49044649200165d6cafd09a2d
                                                                                      • Opcode Fuzzy Hash: 9172a0f1068296a1e3ea98073c4619f935d0d96078aa4cdd1c4f283980d7c2b2
                                                                                      • Instruction Fuzzy Hash: 73E0AE78E04208AFCB84DFA8D940AADBBF5BB48300F14C1AA9819A3351E6719E51DB80
                                                                                      Function 0515FBA8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23f646ce4aa1e9cd75368011b59717a2db1bf3a7c6f778607bcbd058ef358fdf
                                                                                      • Instruction ID: 2380a5c9f726bece617ce2673d6bf1461bf2fa8fb564d509428ac40310bef81f
                                                                                      • Opcode Fuzzy Hash: 23f646ce4aa1e9cd75368011b59717a2db1bf3a7c6f778607bcbd058ef358fdf
                                                                                      • Instruction Fuzzy Hash: 1EE07D30708318CFC7206D7088607663299EB446B4F100865EF15DF2C0CF71EC038392
                                                                                      Function 05157A98 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3374707e9c46f9e20c77c84be43aab1de562ac08b123ba370f0a025e5e0b0842
                                                                                      • Instruction ID: 1716f916a5828c2a53407564492f4adaae6749b2f04cc0b20f5f82388b08272e
                                                                                      • Opcode Fuzzy Hash: 3374707e9c46f9e20c77c84be43aab1de562ac08b123ba370f0a025e5e0b0842
                                                                                      • Instruction Fuzzy Hash: DAE06D35908204EBCB04DBA4D8847ACBBB5FB55320F149369E824533A0E7319E42DA40
                                                                                      Function 05048DC8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d6d9019bbeb6526d928a3156a2239b8df7a3f625fc8ffb14a91f15eb3054dfa
                                                                                      • Instruction ID: c582c43b92f8241547226106f16c2c064f431422ac51c0be69753bfc2a7cfe0e
                                                                                      • Opcode Fuzzy Hash: 4d6d9019bbeb6526d928a3156a2239b8df7a3f625fc8ffb14a91f15eb3054dfa
                                                                                      • Instruction Fuzzy Hash: 64E01A79909608EBCB04DF94E840AADBBB5FF59300F10C5A9EC0517351C7329E61EB80
                                                                                      Function 050426B8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d6d9019bbeb6526d928a3156a2239b8df7a3f625fc8ffb14a91f15eb3054dfa
                                                                                      • Instruction ID: 74d96f039e5bfa5c633f43de5cd5a8bc5b1a604910c5268dcbca4e44db6b32cd
                                                                                      • Opcode Fuzzy Hash: 4d6d9019bbeb6526d928a3156a2239b8df7a3f625fc8ffb14a91f15eb3054dfa
                                                                                      • Instruction Fuzzy Hash: CAE0127960410CEBCB04DF94D840AADBB75FB49310F108159EC0517351C7329E61EF40
                                                                                      Function 05042908 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 15080d8d68f175ae386def42560b29641ef7c80434b19629dd0f482e947df1a5
                                                                                      • Instruction ID: 7edadfba06623f0b5190015033f1a5762fc862a1c098e074e91829787a1eae2c
                                                                                      • Opcode Fuzzy Hash: 15080d8d68f175ae386def42560b29641ef7c80434b19629dd0f482e947df1a5
                                                                                      • Instruction Fuzzy Hash: 7DE0C278E04208EFCB84DFA8E4407ACBBF4FB48200F5085E99809A3341D6319E42DF40
                                                                                      Function 05041948 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: abcbfe0e8d479699a17975275c78ce6f3571f982acc598ad32cbe097ab4b7719
                                                                                      • Instruction ID: dc5234ad2fc6f249557b3ce24d5ef92ec2cc9b115a0dc740171fb20e7bf78956
                                                                                      • Opcode Fuzzy Hash: abcbfe0e8d479699a17975275c78ce6f3571f982acc598ad32cbe097ab4b7719
                                                                                      • Instruction Fuzzy Hash: 0DE0E5B4D08208AFCB84DFA8D4407ACBBF4FB49200F10C1AAD859A3341D6359E41DF50
                                                                                      Function 0513FF90 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ea6f841d88528fa49c73bdfc73fcf3ff263d990f60e2fc04be29d8730cb07410
                                                                                      • Instruction ID: 36c22bfd09b6d1c355fe0e0feef23638894f6c9d80c539bf6d6725a9be48dc8d
                                                                                      • Opcode Fuzzy Hash: ea6f841d88528fa49c73bdfc73fcf3ff263d990f60e2fc04be29d8730cb07410
                                                                                      • Instruction Fuzzy Hash: 6CE06D369082859FC750CBA8D8857A8BBE0FB06314F2442C9CC188B292D7395E53C741
                                                                                      Function 0513B298 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0d41c0543c16d49bf8fe6e66588daa890ab4fc5812d093d30d47244e54bc348d
                                                                                      • Instruction ID: fd9115132a2a96fb6b761950555a7fba280e58f88892ebe031e34ffb86059099
                                                                                      • Opcode Fuzzy Hash: 0d41c0543c16d49bf8fe6e66588daa890ab4fc5812d093d30d47244e54bc348d
                                                                                      • Instruction Fuzzy Hash: 6FE0E574E08208EFCB44DFA8D4516ACBBF5FB49200F10C2A9880993351EB31AE42DF80
                                                                                      Function 05156700 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction ID: 32106f0501806fe28fbca9bc9e5e091ba7f561334134995892e4c25ebb0157cb
                                                                                      • Opcode Fuzzy Hash: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction Fuzzy Hash: BCE0E578E04208EFCB94EFA8D4406ACBBF5FB48210F5081AA8C2993351D7359E41DF80
                                                                                      Function 051566F0 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 80058f96cd655071b8a873d72b35f21b7f5d1f0ad6008af0c5f473c3197efce5
                                                                                      • Instruction ID: 7842ba90c574cbbda4d2feb0fba49b4fc88121828ce9aabfacbc706f3e24d7d3
                                                                                      • Opcode Fuzzy Hash: 80058f96cd655071b8a873d72b35f21b7f5d1f0ad6008af0c5f473c3197efce5
                                                                                      • Instruction Fuzzy Hash: DFF0E574A08284DFCB24CFA4D49066CBFB1BB46320F2082DACC75CB2A2C7354E06CB45
                                                                                      Function 0515B389 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7afd794825f1b2805551f6d5504bde2eb1d1e5096369dc2a0377d232cd8810e2
                                                                                      • Instruction ID: 164b591cc71bf85242a33b792fe846542c63a535e46afecafd589034c75e81bf
                                                                                      • Opcode Fuzzy Hash: 7afd794825f1b2805551f6d5504bde2eb1d1e5096369dc2a0377d232cd8810e2
                                                                                      • Instruction Fuzzy Hash: 2FE04F71A00209EFDB14DFA4E95679DBBF9E784310F208299E908D3704DE396F029BA1
                                                                                      Function 0515A830 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction ID: 1c9f7617928eba7bb98bf19187c955a099f6d7500241dddb37465a21fcb2aa07
                                                                                      • Opcode Fuzzy Hash: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction Fuzzy Hash: EFE0E574E04208EFCB84DFA8D4816ACBBF4FB48215F1082AD8C2993341E7319E42DF40
                                                                                      Function 05159AB8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction ID: 1d6e6e14c5e418dda75bd1705e422a757a60d8b7b2c8fc88127d1e9f553c2ae2
                                                                                      • Opcode Fuzzy Hash: 7fe8c23ab9d275ec1d1a504a5775cbbd56fc633ada248a244dba1504fd1a2949
                                                                                      • Instruction Fuzzy Hash: 53E0E574E04208EFCB44DFA8D4406ACBBF4FB49210F14C1A98C19A3341D731AE42DF81
                                                                                      Function 04F7E8D0 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c27fc0b44626934617f870a6fe855dd21f780e1ebc85af561612371b3473ce72
                                                                                      • Instruction ID: e66e2d6fdfe6f59e79bb76cee2f35113b78b3dd9ec0faa147a9b2b5ef8110adf
                                                                                      • Opcode Fuzzy Hash: c27fc0b44626934617f870a6fe855dd21f780e1ebc85af561612371b3473ce72
                                                                                      • Instruction Fuzzy Hash: 1FE0E574E04208EFCB84DFA8D8406ACBBF4FB48300F5081EA981893341D739AE42DF40
                                                                                      Function 05048678 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 98f9b511f53d411d546dda1d801fcc6a94dfee8278c0dfabb06fcccf7e9fd110
                                                                                      • Instruction ID: 9993d47a593f6c5733268fd291d3d254a6459d39162f50462e63ca8e31d4cd38
                                                                                      • Opcode Fuzzy Hash: 98f9b511f53d411d546dda1d801fcc6a94dfee8278c0dfabb06fcccf7e9fd110
                                                                                      • Instruction Fuzzy Hash: 3CE04FB8908208ABC744DF94E940A6DBBB9BB45300F10C5A9D94557381C6319E41DB90
                                                                                      Function 0513ED9F Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 56ea9e994973619c926604b4348f8b6892028f0d27cc033dfd1447c735d929ac
                                                                                      • Instruction ID: 4210e8ac54759dfb77b9f31cc014483bd80fd0fdb481d27a240bc7395d4b5c7c
                                                                                      • Opcode Fuzzy Hash: 56ea9e994973619c926604b4348f8b6892028f0d27cc033dfd1447c735d929ac
                                                                                      • Instruction Fuzzy Hash: 90E0DF76800244ABD701EBB4BC1039E3BA5BB02200F8002918881572A1EF705E01E7A1
                                                                                      Function 05159129 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7f63adb47565210c5ca1ddf3c417eff9db4cbafefaded504a97038b3e5cd37d1
                                                                                      • Instruction ID: ec0f65abf34c09af81f57522ed8c567bfd8d4980280f65faad64181a366c7739
                                                                                      • Opcode Fuzzy Hash: 7f63adb47565210c5ca1ddf3c417eff9db4cbafefaded504a97038b3e5cd37d1
                                                                                      • Instruction Fuzzy Hash: 61F05E74908208EFCB50DF68D098B9CBBB1FF09310F6001A5E428A7345CB745888CF02
                                                                                      Function 051593D9 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f57271c84e2ce7e4bfe8795e9b0a1e1b6a30660b8c8f95450310e3fbe14b1be
                                                                                      • Instruction ID: 2733e0afc135e627e817ef474a5bd0fd681f7b2373e78a865932901746eec1b4
                                                                                      • Opcode Fuzzy Hash: 6f57271c84e2ce7e4bfe8795e9b0a1e1b6a30660b8c8f95450310e3fbe14b1be
                                                                                      • Instruction Fuzzy Hash: 5EE08C76900244EFE740EFB4E940BAE3BF8FB45305F8016A6CD41A3360EB309A44EB52
                                                                                      Function 0515B3CF Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52214a789f0fc9e41b9060531457e2213b948dad2a264b699a8d8c31b465042f
                                                                                      • Instruction ID: 880e3a572d85a03ac141442d4264a1d73c26c85d21d0089bb9aed70c662b7c50
                                                                                      • Opcode Fuzzy Hash: 52214a789f0fc9e41b9060531457e2213b948dad2a264b699a8d8c31b465042f
                                                                                      • Instruction Fuzzy Hash: 9FE09A34A00208DFC744DBB8EA927AE7BF0EB84300FA04599D0489BA40EA341A0A9B80
                                                                                      Function 04F76150 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c0603c6e75730543f954a9ea42507e8b37cd10be48ec02cbec2e50a384298f9b
                                                                                      • Instruction ID: 08417433d4f3e3dae95730786ad84c3afbca0404e4b4b5a9fd7bb4c0b35ce996
                                                                                      • Opcode Fuzzy Hash: c0603c6e75730543f954a9ea42507e8b37cd10be48ec02cbec2e50a384298f9b
                                                                                      • Instruction Fuzzy Hash: 77E0E578D04208AFCB04DF94D444AADBBB5AB49310F1081AA9C4493352DA75AA52EB80
                                                                                      Function 04F707F0 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d3d887e9368d66b68a5b15d858149b3a65243cdf66d640ccb93bbb580839800
                                                                                      • Instruction ID: b3a45278d7ebb6c27931492d5ea92a3b3e3b065291269a811b37d5c3ab23b4db
                                                                                      • Opcode Fuzzy Hash: 2d3d887e9368d66b68a5b15d858149b3a65243cdf66d640ccb93bbb580839800
                                                                                      • Instruction Fuzzy Hash: 8EE08679908208EFC704DFA4D840B7DBBB8BF45300F10819ADC4457381CB35AE42EB94
                                                                                      Function 05042418 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction ID: badbd01a809018875bd95e4b3307af03153125e492fd0ad5eb66870269680fca
                                                                                      • Opcode Fuzzy Hash: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction Fuzzy Hash: C0E08678A08208EBC704DF94E840A6DBBB5FB99300F50C1A9DC0513351C7319E51DB80
                                                                                      Function 050427E0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d3d7bf8cbe0f1c17158e19c2ab3fc0f4e0a59ac053b903c8fe82daa739cab7a7
                                                                                      • Instruction ID: 8336549d9cc4fc0c4fd8551799fb6f7ca35b108099f6adf434cbf1f9e5870cfc
                                                                                      • Opcode Fuzzy Hash: d3d7bf8cbe0f1c17158e19c2ab3fc0f4e0a59ac053b903c8fe82daa739cab7a7
                                                                                      • Instruction Fuzzy Hash: 5DE09A78E08208EFC744DF98D6416ADB7B5FB49304F1081A9D81997351D7719E41DF41
                                                                                      Function 05042A38 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction ID: 063df17ee4dd7521154ac8922b521a8ee6b25158c8f9ed2fb03f21af726e1b9e
                                                                                      • Opcode Fuzzy Hash: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction Fuzzy Hash: 00E08678A08208EBCB04DF94E840A6DBBB9FB45300F1091A9DC0513351D7319E92EB80
                                                                                      Function 05042268 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction ID: 0f342fc392840604be18cbd20fede2eed6512ad61487c4478de1bb58c74ed9e4
                                                                                      • Opcode Fuzzy Hash: 0c02aa89d5ac7a29790cba5039e0a360734164aff9293dccbc5feff6e497996c
                                                                                      • Instruction Fuzzy Hash: 5AE08678908209FBC744DF94E944A6DBBB5FB45300F1083A9DC0513351C7319E51DB80
                                                                                      Function 0513FC48 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction ID: 8d70fe4f9eac448f5442c3fd6846a3de68b9a3306c58d724beefc2f7f72a2f07
                                                                                      • Opcode Fuzzy Hash: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction Fuzzy Hash: 70E08634D18208DFC744DFA8C481BACBBF4FB08214F1445A98C09D3351D731AE42CB41
                                                                                      Function 0513FFA0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction ID: a10f5896a0de61014c5bc83756ffc2d0147ae6a34af9659d4db97b350c8d05c2
                                                                                      • Opcode Fuzzy Hash: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction Fuzzy Hash: 17E01235904248AFC784EBA8C8817ACBBF8AB09200F2081A98C0993341E7359E42CB80
                                                                                      Function 0513B7C8 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction ID: c9817b29b2822d3d0ede7efcb1d21f1f6009f4370975e90e8e1388d340cc080d
                                                                                      • Opcode Fuzzy Hash: ee27f5d660a86709f7729c8f2108c23849071ebe7ebca011d6082b98c5bbb5da
                                                                                      • Instruction Fuzzy Hash: 51E0B678908248EFC784EFA8D9957ACBBF4FB49204F6081A9880D93391E7719E41DB41
                                                                                      Function 0513B9F0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc655722f66f2eab27e6a8ecea3d4425595f98e4c46a5f92d959f6ca84ab3483
                                                                                      • Instruction ID: a18d8a35e8240e35ef28278444f95c512f8eb3a89b95ceb32c80138f5233e6ea
                                                                                      • Opcode Fuzzy Hash: fc655722f66f2eab27e6a8ecea3d4425595f98e4c46a5f92d959f6ca84ab3483
                                                                                      • Instruction Fuzzy Hash: 2DE01238D08248AFCB04DBA8D8516ACBBB4BB89200F1082AACC5953341D7319E42DB80
                                                                                      Function 0513D3C0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9f95528f9be7948ba112c0ab56e9a7a5af8365bdc99767f21ef175f61e752c73
                                                                                      • Instruction ID: 1a8c5c5a1ef59d3e13f92ddeed12ec5e7c234bc06375563839b187e3c10f0c67
                                                                                      • Opcode Fuzzy Hash: 9f95528f9be7948ba112c0ab56e9a7a5af8365bdc99767f21ef175f61e752c73
                                                                                      • Instruction Fuzzy Hash: 48E09A386092809FC31ACB60E4A06A97B35AB42218B1495C8C88D8B2A2CA765D03CB01
                                                                                      Function 05328B50 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92f8d3fb3a2cd9a4ee9342a8323fbf369b9fd02ae6a809c1816fb017fe9a291b
                                                                                      • Instruction ID: bb973d7ea74e3c0696c0673f33a0c4375726265f29c316739a4fcca4e66e7134
                                                                                      • Opcode Fuzzy Hash: 92f8d3fb3a2cd9a4ee9342a8323fbf369b9fd02ae6a809c1816fb017fe9a291b
                                                                                      • Instruction Fuzzy Hash: 07E01A74D08218EFCB04DF94D4406ACFBB4BB49200F1481A9881993341C6719E42DB44
                                                                                      Function 05159430 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5b216ef1d8a4ccf8c335ae46f04f318dd69377bd6f484c80b1f3be4b07541c7c
                                                                                      • Instruction ID: a9f1228d4b48c74ae8ffbd8a8faeebb19e627097bfbad7ec3c2049738630f380
                                                                                      • Opcode Fuzzy Hash: 5b216ef1d8a4ccf8c335ae46f04f318dd69377bd6f484c80b1f3be4b07541c7c
                                                                                      • Instruction Fuzzy Hash: ACE04634904208EFCB84EFA8C9817ACBBF4BB08210F2081A98C0D93341E7319E41CB42
                                                                                      Function 05158DED Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: beec3d8524858b89bd13b6b65f5041e45326d6a48911c1bafc13cf9309cf5fd2
                                                                                      • Instruction ID: 9d2462cbcd3624ecbc6f8e07e5b911b53a2b3043b6af3b4f0999444dca544f5f
                                                                                      • Opcode Fuzzy Hash: beec3d8524858b89bd13b6b65f5041e45326d6a48911c1bafc13cf9309cf5fd2
                                                                                      • Instruction Fuzzy Hash: A0E0ED74E14648DFDB04DF59E09056CB7F3FB89321F618065E429A7358DB356885CF05
                                                                                      Function 051589FB Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2dc19c35e3e47541ec6e2cdd073228c748951d61ea76a36ac5a774673e6b08d9
                                                                                      • Instruction ID: 8511a18badb5a45bbcbca83dd44a1b4cd73560aec300ed4b7bbc0499540188e9
                                                                                      • Opcode Fuzzy Hash: 2dc19c35e3e47541ec6e2cdd073228c748951d61ea76a36ac5a774673e6b08d9
                                                                                      • Instruction Fuzzy Hash: E1F07F74A062288FCB24EFA8D99579DB7B2BB88300F1141DAA50DB3348D7346E81CF50
                                                                                      Function 05154A40 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c95e9c340145aeefd7669be4727aa6abd790de3cf59d8e61ec2616b3f5b8fca4
                                                                                      • Instruction ID: 7bea48088b013c23740ef36718e5e26f1e45689b569eacdf0a590943580ca985
                                                                                      • Opcode Fuzzy Hash: c95e9c340145aeefd7669be4727aa6abd790de3cf59d8e61ec2616b3f5b8fca4
                                                                                      • Instruction Fuzzy Hash: 76E09A74D04208EFCB44DF98D5416ACB7B5FB49314F1081A99C2957351D7719E41DB85
                                                                                      Function 04F79E01 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f64c9f60d0fcb0bdda0b9fde527f64329756d18b7b7e51d77f37b23fbf085c53
                                                                                      • Instruction ID: b9162dc50fab120ba15e7cb5ead6356466ecab633e3fe862fc5317d85838aa31
                                                                                      • Opcode Fuzzy Hash: f64c9f60d0fcb0bdda0b9fde527f64329756d18b7b7e51d77f37b23fbf085c53
                                                                                      • Instruction Fuzzy Hash: 16F0AA74A00228DFCBA09F24D88479ABBB0FB05305F1055EAD00DA2250EBB86AC58F05
                                                                                      Function 04F75F78 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7bf2e9a9f68ecc5f1cc0cb351e7fef12ada328ed30ae098aef4c8a69a04f78b9
                                                                                      • Instruction ID: 62a8d4b7d4649ac74eba1887acf7b5e3fee0f73b1700b39f066ecd8fc1aa1da4
                                                                                      • Opcode Fuzzy Hash: 7bf2e9a9f68ecc5f1cc0cb351e7fef12ada328ed30ae098aef4c8a69a04f78b9
                                                                                      • Instruction Fuzzy Hash: 4EE04678E14208EFC740EFA8C488BACBBF8BB09200F5001E9D808D7721E730AE40DB41
                                                                                      Function 04F73F20 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c1bdfe0d88f29ebfd8ec1786613795303244284ec00a049db5a74fcb0e28f3f6
                                                                                      • Instruction ID: 6c2c46536ed2a603c3899893fcd13d9c3184c02304f28738f6e2f6b698362d1a
                                                                                      • Opcode Fuzzy Hash: c1bdfe0d88f29ebfd8ec1786613795303244284ec00a049db5a74fcb0e28f3f6
                                                                                      • Instruction Fuzzy Hash: 15E01278D09248AFCB08DBA8D4406ACBBB4AB89204F1082AA9C5857341D635AE42EB80
                                                                                      Function 050422F8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9421eff3c88199cbfd17e3a41e726a19924e7820d4c16941faf14e35ff6f5de
                                                                                      • Instruction ID: 6f07f33040db0cd95d5142557a63df73d77fdac119b2e660a32ebf8c45c631db
                                                                                      • Opcode Fuzzy Hash: d9421eff3c88199cbfd17e3a41e726a19924e7820d4c16941faf14e35ff6f5de
                                                                                      • Instruction Fuzzy Hash: 75E01278A08208DBCB14DF94E94167DBBB9FB45305F5082ADDC0917351CB719E52DB81
                                                                                      Function 0513EDB0 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1182ea17649e8866ca3e1015e1309dbc349758983e377a7d7dd2fa55f8e8160c
                                                                                      • Instruction ID: 5dbfd68b90d1d577bc1d5efe7255dc504b87bdb43b33af3b639b4b12b857bbd7
                                                                                      • Opcode Fuzzy Hash: 1182ea17649e8866ca3e1015e1309dbc349758983e377a7d7dd2fa55f8e8160c
                                                                                      • Instruction Fuzzy Hash: 99E0C275400208EBC700FFB4E40075E77B8FB05200F8006A5894193250EF705E00A761
                                                                                      Function 0513C8B8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f78baa9694ee8fe2ba8ae8371076679d566e24636d5eca1a63019339463bef1
                                                                                      • Instruction ID: b25de51ed9d9e6f3122450e3ff1bd6b33159199d736fa31895e4875dbb0618eb
                                                                                      • Opcode Fuzzy Hash: 2f78baa9694ee8fe2ba8ae8371076679d566e24636d5eca1a63019339463bef1
                                                                                      • Instruction Fuzzy Hash: 08E08C38908208EBC704DF94D84566CBBB8BB45304F1082D9880923341CB31AE42DB80
                                                                                      Function 0513D3D0 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f78baa9694ee8fe2ba8ae8371076679d566e24636d5eca1a63019339463bef1
                                                                                      • Instruction ID: 4bf54cee01cbafec3c540ca49f338f9cc58642cc5fe7f3e799469c821a5f9507
                                                                                      • Opcode Fuzzy Hash: 2f78baa9694ee8fe2ba8ae8371076679d566e24636d5eca1a63019339463bef1
                                                                                      • Instruction Fuzzy Hash: 19E01279908208DBC704DF94E991A7DBBB5FB45304F508299DC0917391C7719E42DB81
                                                                                      Function 0531518F Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a51033ca1ab9c95c9ac73a377909de77072098a4402fce3c4087168558c1abd
                                                                                      • Instruction ID: 53d6949ea6fe99729af03605851507bd4a99269acfd45dd5a520270ecb5295a1
                                                                                      • Opcode Fuzzy Hash: 2a51033ca1ab9c95c9ac73a377909de77072098a4402fce3c4087168558c1abd
                                                                                      • Instruction Fuzzy Hash: BDF01574A01119CFCB64DF28C884AA9B7B5FB48300F0180E5E809A7754CB30AE829F50
                                                                                      Function 0532E4F8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7cc42dcec22c83a06c2ee819871fbbd1b794ce68b1eefcfcee32de37eab5d47a
                                                                                      • Instruction ID: 76aa34eebabbbf1d44dbfe975f58f21c0622ae1a1c42c4bd7d2889e3f44335de
                                                                                      • Opcode Fuzzy Hash: 7cc42dcec22c83a06c2ee819871fbbd1b794ce68b1eefcfcee32de37eab5d47a
                                                                                      • Instruction Fuzzy Hash: DEE0EC78908208DBCB04DF94D94167DBBB9BB45304F6082AD880917351DB719E42EB81
                                                                                      Function 0515F721 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 61e36747a92455baa79393c2c82376eaa23d4bea05badf10070a89c7546fd368
                                                                                      • Instruction ID: 71653cbc3b651cdcef295cc906bb85478fe9057b00632c879d0468a1e16f4af2
                                                                                      • Opcode Fuzzy Hash: 61e36747a92455baa79393c2c82376eaa23d4bea05badf10070a89c7546fd368
                                                                                      • Instruction Fuzzy Hash: 0BD012F28092C05EE70357229A366193F28DF6334574A44DF94C08A067D2288902DB25
                                                                                      Function 051593E8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 41dca25d2f584c400076cbe782fc4852d7b5f0e445a8077ea44428a3a6e72337
                                                                                      • Instruction ID: 814ebc7209a7a141787b553b8fb9a5d4e9c56f3e3836cd565276ead210bf7551
                                                                                      • Opcode Fuzzy Hash: 41dca25d2f584c400076cbe782fc4852d7b5f0e445a8077ea44428a3a6e72337
                                                                                      • Instruction Fuzzy Hash: 61E0C231900208EBD700EFF4D40075E77B8FB05300F8006A5894193350EF705A00E752
                                                                                      Function 04F7D1E8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8bf1bdac38997423427f92e75b934a5fe058dac2b00d4c8758de025893f86b62
                                                                                      • Instruction ID: c8f1a0b162a18626a06519b9c7878db9b9924f0da39a9fe8f9d4f3c9f5e65d49
                                                                                      • Opcode Fuzzy Hash: 8bf1bdac38997423427f92e75b934a5fe058dac2b00d4c8758de025893f86b62
                                                                                      • Instruction Fuzzy Hash: C1E0EC74D0524CEFD740EFA8D9457ADBBF4EB05301F5041A9890993350E7749E85DB41
                                                                                      Function 051314D0 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef369b8f4e87d5bdd0a36d7dcc82bd2baa1b20e230563ec53d391ddcdacda7cb
                                                                                      • Instruction ID: 4654e58770176b116c2cf3f6d47477ee62bdf42a7e0f9f52145feaba291186b1
                                                                                      • Opcode Fuzzy Hash: ef369b8f4e87d5bdd0a36d7dcc82bd2baa1b20e230563ec53d391ddcdacda7cb
                                                                                      • Instruction Fuzzy Hash: FCD05E327105228BDB34CF1EF852B9E37E6AB98700B159229E405D3714EF68ED078B80
                                                                                      Function 05137A5F Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8641901fb6c24749b5ae776074f3bfa020d3bd9f012bea5d1d5078878a4190ac
                                                                                      • Instruction ID: abd5a36876dffa12c96053ab165148893919e0f67e4078ac7b03cb4ba15feaa7
                                                                                      • Opcode Fuzzy Hash: 8641901fb6c24749b5ae776074f3bfa020d3bd9f012bea5d1d5078878a4190ac
                                                                                      • Instruction Fuzzy Hash: 6BE0EC3502D3C4AED3030BB8BC9878A7F649B1B351F1E80D2D5884A063D6695D16CBA2
                                                                                      Function 0515B3E0 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aeb888bd60fcd253c2a1d46c60aafe249fb0d24e3403e2386c9ce352db670f99
                                                                                      • Instruction ID: 2523aa7c7f1bc189a6379ee209ed538c43965896ab697141dc625acf3c66dff5
                                                                                      • Opcode Fuzzy Hash: aeb888bd60fcd253c2a1d46c60aafe249fb0d24e3403e2386c9ce352db670f99
                                                                                      • Instruction Fuzzy Hash: 84E01230A0130DEBDB44EFB4E95676FBBF9DB84200F508599E5089B640ED755F009BD0
                                                                                      Function 0513CC68 Relevance: .0, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b103efadedc097488458beb07141c441b9ec57f2861d7286384653317c5d4349
                                                                                      • Instruction ID: d5ad5969dd97f24640343db7b15dfb1d30885b6913b8be6f691cd14e6168d766
                                                                                      • Opcode Fuzzy Hash: b103efadedc097488458beb07141c441b9ec57f2861d7286384653317c5d4349
                                                                                      • Instruction Fuzzy Hash: FCD05E34509208DFC704CB94D851B6AB7A8FB46218F104598880A53361CB729E01D6C0
                                                                                      Function 0515B398 Relevance: .0, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d664e439accce70710cddfcf8a45df81d469c8a11eefb81cde4459867538cede
                                                                                      • Instruction ID: 64df3d94cacac07918e0cee1731b8123ffdb7fda663db9b971cb8f4b47a3e8eb
                                                                                      • Opcode Fuzzy Hash: d664e439accce70710cddfcf8a45df81d469c8a11eefb81cde4459867538cede
                                                                                      • Instruction Fuzzy Hash: B2E0C230A0020DEFCB00DFA8E40565DBBF9EB44300F104199D80CD3300DE311F009790
                                                                                      Function 05130FF8 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 340529f35c82afe323eba161cda37b54b6a5e7f8c2561a1d4fb218755eedc980
                                                                                      • Instruction ID: 7bdd795e1cf27bf53b88f1d311c5335eb6a8203aeee2d7d549c7ba02422e8fb9
                                                                                      • Opcode Fuzzy Hash: 340529f35c82afe323eba161cda37b54b6a5e7f8c2561a1d4fb218755eedc980
                                                                                      • Instruction Fuzzy Hash: 0AD01731104603DBDB29DB1CE884D8BBFA2EFC0300B04DE2EE15A5B524DFB4AD468B84
                                                                                      Function 051591F9 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 18270f6843c92656703ffa2659a7b7a5b781f315faf349cabfa99f7a7a28eb5e
                                                                                      • Instruction ID: 506686bbd5bb0b83a4900cae4b9614f71cc96bc35ca225d29dff4d9818c03be1
                                                                                      • Opcode Fuzzy Hash: 18270f6843c92656703ffa2659a7b7a5b781f315faf349cabfa99f7a7a28eb5e
                                                                                      • Instruction Fuzzy Hash: 39E0E534A062688FEB24EF24E869BADB6B2FB49301F5001E9950A63384CA346D80CF10
                                                                                      Function 05159278 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dddaec1fe2b8227beab334cb23411d5fda331cc4fb3b7937a3a4464e33a0e351
                                                                                      • Instruction ID: 5442670ae3e8b71fd707adc752f72d8c71f6d36b686f980f8fc5baccc4e6d855
                                                                                      • Opcode Fuzzy Hash: dddaec1fe2b8227beab334cb23411d5fda331cc4fb3b7937a3a4464e33a0e351
                                                                                      • Instruction Fuzzy Hash: DEE0E5309041248BCB54EB64D85479DB7B2EB49301F5085D9E41E63344CA356D89CF40
                                                                                      Function 05158D97 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a19353f97001138a7be737001eb26e9e8f1463be475a1c995591a29770dd7cc3
                                                                                      • Instruction ID: 0563e570b8aeba98aa576caaa96f98c044856d373b8578722f4dfb7fe0064691
                                                                                      • Opcode Fuzzy Hash: a19353f97001138a7be737001eb26e9e8f1463be475a1c995591a29770dd7cc3
                                                                                      • Instruction Fuzzy Hash: 69E01AB0900528CBDB24EF14D8987DDB7F2EB89302F1040E9950977384CB746DC48F11
                                                                                      Function 05158C4B Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3aec3b261ad2e2fa09d9e75d10932cdacebca318fd1e55c3f0dfbcdc06e8d0d7
                                                                                      • Instruction ID: f9ca4a575e2c3e4e4d6a9fca9307e897a71d584dea7bb3cb231748e9745c8689
                                                                                      • Opcode Fuzzy Hash: 3aec3b261ad2e2fa09d9e75d10932cdacebca318fd1e55c3f0dfbcdc06e8d0d7
                                                                                      • Instruction Fuzzy Hash: 6FE01A74A0012ACFDB24EF24E955BED7BB2EB48301F2040E8A41D63744DB746D84CF50
                                                                                      Function 05158813 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4ae5baf78e9a195e6e191e989e8ad2839e2cd9cdf1c163b0edc8b54db45bcc5
                                                                                      • Instruction ID: e83f94faa89711d6d571caa79b9514ce0377a6823361c85939e745fd980e67ab
                                                                                      • Opcode Fuzzy Hash: b4ae5baf78e9a195e6e191e989e8ad2839e2cd9cdf1c163b0edc8b54db45bcc5
                                                                                      • Instruction Fuzzy Hash: AEE09A74A012288BDB94EF54D89879DB7B2EB49321F6140DA944E73344CF346DC58F55
                                                                                      Function 05158BF5 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 76fb8e4d5ed1e9de9cb7440574a0fbc1e1be67dfcef9cc379b5f68e94b742415
                                                                                      • Instruction ID: 1a9783db166cd1f20bd53a94f75bb4694ab215b4500f1e633aab6a2fada05a2c
                                                                                      • Opcode Fuzzy Hash: 76fb8e4d5ed1e9de9cb7440574a0fbc1e1be67dfcef9cc379b5f68e94b742415
                                                                                      • Instruction Fuzzy Hash: 21E0E5349011288FCB28EB14D5557D9B7B2EB85702F1100D9950E633C4CA346E80CF22
                                                                                      Function 05158AB2 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9dd26011fab589217425c25a33815a307543f92cbc57fc0702ce57ac88f2565c
                                                                                      • Instruction ID: 1b56617a096924e06b5e505469cd4b80b805b4e62527ffc7d8e27da80cd9914b
                                                                                      • Opcode Fuzzy Hash: 9dd26011fab589217425c25a33815a307543f92cbc57fc0702ce57ac88f2565c
                                                                                      • Instruction Fuzzy Hash: 9AE01A34A002288BCB98EF24D8957DDB7B2EB49305F1081D9A50A63384CF346EC5CF94
                                                                                      Function 05135898 Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4ebc0f617d7d301c0f20a403f4ec7e146fcdbc192a49e6a3e5777149e4cd5ed
                                                                                      • Instruction ID: a1d5a5be81eaf7e1cc47d25c8cf69e7229b8370bfc665d07b15bfacb36679e68
                                                                                      • Opcode Fuzzy Hash: b4ebc0f617d7d301c0f20a403f4ec7e146fcdbc192a49e6a3e5777149e4cd5ed
                                                                                      • Instruction Fuzzy Hash: 49D012F74641444FD742DF74D554E647B24FB36B2171605D2E280CB122D230C818CF21
                                                                                      Function 05133981 Relevance: .0, Instructions: 11COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 924ba064deae34405d4077048cd6802a04c8a4170aff72ae4b6de414da08cdfd
                                                                                      • Instruction ID: b7d7889a1e91930872447b06ae5c99e6d74cd5de48476d530795a6cbdd7a5220
                                                                                      • Opcode Fuzzy Hash: 924ba064deae34405d4077048cd6802a04c8a4170aff72ae4b6de414da08cdfd
                                                                                      • Instruction Fuzzy Hash: 84C0127A2441808FC3018728E959DA97B609B5632270654E2E1848F132C2208815CF24
                                                                                      Function 0515711D Relevance: .0, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62b7f38e71fb731ae1378628c08d81b6c997223412f79a9d9abbe891855859e5
                                                                                      • Instruction ID: 58f5a78b40c39c1a32d85e7c67b4fde9182cc58d43e04c140704a0500c93049d
                                                                                      • Opcode Fuzzy Hash: 62b7f38e71fb731ae1378628c08d81b6c997223412f79a9d9abbe891855859e5
                                                                                      • Instruction Fuzzy Hash: 44C0027AF2015D9B8B00EBD9F4408DDF775FB94321F508036E624A7348D6306966CF51
                                                                                      Function 05133990 Relevance: .0, Instructions: 8COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                      Function 0515924F Relevance: .0, Instructions: 8COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4803ddfa20dfc617c45067f4428538179b241346687cb4532c1f58291b2981e2
                                                                                      • Instruction ID: 1cf3cf6c2ecdc6587b3ffa46397ae11778dd02a70a57625516edd2140ce6ec37
                                                                                      • Opcode Fuzzy Hash: 4803ddfa20dfc617c45067f4428538179b241346687cb4532c1f58291b2981e2
                                                                                      • Instruction Fuzzy Hash: 1EC02B70209004DBCB04BF24F06429D3773E786711F22005460261338CCFF82C89CF06
                                                                                      Function 05137A88 Relevance: .0, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f5242f26439bad51b75a89378c3cc73b9a08b6bfe1e4db46b0007b9bb2291ab8
                                                                                      • Instruction ID: de7051b23d3f55bc01ad4b245e8b5ac3acaf5674116f4b13c13c11f1811dda3e
                                                                                      • Opcode Fuzzy Hash: f5242f26439bad51b75a89378c3cc73b9a08b6bfe1e4db46b0007b9bb2291ab8
                                                                                      • Instruction Fuzzy Hash: 09B09236000208AB87019BD4E80895ABB69AB58701B148025A6094A2228B32A862DA95
                                                                                      Function 051314B0 Relevance: .0, Instructions: 6COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8fabc0cc2b0b34f4b19abf456676ef538a3eb4c8ea814d4fc01531e98b2cb087
                                                                                      • Instruction ID: 6a2df82eb6f518215d86886d1de480a8f9ba6c5cf14c9c4f8b0faac6751a44f9
                                                                                      • Opcode Fuzzy Hash: 8fabc0cc2b0b34f4b19abf456676ef538a3eb4c8ea814d4fc01531e98b2cb087
                                                                                      • Instruction Fuzzy Hash: 4BB012B62100004FD521F710EDC778C3B58F740104FC44430800083720C71C90024E41

                                                                                      Non-executed Functions

                                                                                      Function 04D22848 Relevance: 3.2, Strings: 1, Instructions: 1908COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337571655.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d20000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pVq
                                                                                      • API String ID: 0-1002762005
                                                                                      • Opcode ID: e3c8a01824cbe0bb4f3c171789626fa6a3268fcacc70400328cf24ef37dff636
                                                                                      • Instruction ID: 9d9fff9bea31f7d8112209f9356df5d3358b27af314d4ad981e1df0fb124d257
                                                                                      • Opcode Fuzzy Hash: e3c8a01824cbe0bb4f3c171789626fa6a3268fcacc70400328cf24ef37dff636
                                                                                      • Instruction Fuzzy Hash: 6EF2E174A09398DFDB16CFB4CD58BAE7F71BF06304F05419AE540AB2A2C7789845CB62
                                                                                      Function 05041538 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pqI
                                                                                      • API String ID: 0-1078129942
                                                                                      • Opcode ID: 5f2ea83b60d15d25f927e43bc8f26ab959cad8f0fd904a6733ed7968ee1e6ec7
                                                                                      • Instruction ID: be568aa840632e8d622a3db6c1eff5cdc27761eae02aa3dc8efb99c5de276df9
                                                                                      • Opcode Fuzzy Hash: 5f2ea83b60d15d25f927e43bc8f26ab959cad8f0fd904a6733ed7968ee1e6ec7
                                                                                      • Instruction Fuzzy Hash: 02415EB4E0550ADFCB40CFA9E5816AEBAF6AB49344F588535D416EB314E334CA82CF80
                                                                                      Function 0504152A Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pqI
                                                                                      • API String ID: 0-1078129942
                                                                                      • Opcode ID: d13ab23e8521ccaa38f5e5b6886783fc26e22d4b3b9e945b74ce6394efc5845e
                                                                                      • Instruction ID: f3fe89d130c1a60dff8cbf30267daef3f4cc1d4c2434acd9cc2acc79e34ed267
                                                                                      • Opcode Fuzzy Hash: d13ab23e8521ccaa38f5e5b6886783fc26e22d4b3b9e945b74ce6394efc5845e
                                                                                      • Instruction Fuzzy Hash: 3E41A3B4E05609DFCB40CFA9E5821AEBBB6AB49240F588575C406DB314E334CA82CF80
                                                                                      Function 04F70838 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /
                                                                                      • API String ID: 0-2043925204
                                                                                      • Opcode ID: 6dc8600a1361fe1fe4db349cc47abd224bfe2d5d1c0b6941f35385bf2397e48b
                                                                                      • Instruction ID: d6ca0ad335c38bda7f8fa539d0660dee96fde7e8800ecc83684ada1e5b3210c2
                                                                                      • Opcode Fuzzy Hash: 6dc8600a1361fe1fe4db349cc47abd224bfe2d5d1c0b6941f35385bf2397e48b
                                                                                      • Instruction Fuzzy Hash: 1D319CB1E056688BEB59CF2B8C4469EF6F7BFC8300F04C1EA990CA6254DB741A818F00
                                                                                      Function 05150040 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `
                                                                                      • API String ID: 0-2679148245
                                                                                      • Opcode ID: 79d3030689fc8c23747b3a3bebd1eb9f84b49f2d08423a3502eac3962234e576
                                                                                      • Instruction ID: 1c66f36ab7b55974a86cdc38332f44a102620056f3e1b9d7d3225bfc62fff611
                                                                                      • Opcode Fuzzy Hash: 79d3030689fc8c23747b3a3bebd1eb9f84b49f2d08423a3502eac3962234e576
                                                                                      • Instruction Fuzzy Hash: 5121A9B1E046588BEB18CFAB8C0429EFBF7BFC9300F14C16A9919AB255EB7059458E04
                                                                                      Function 0504ABC0 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338808916.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5040000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "
                                                                                      • API String ID: 0-123907689
                                                                                      • Opcode ID: 4cf665e1dead9bb737a7af2283c05330d18a64800883267193de05e5d85ed3f3
                                                                                      • Instruction ID: 3175d9849d71756bee6f70f06d76d0dc430e62544a071a743761d83228f1c206
                                                                                      • Opcode Fuzzy Hash: 4cf665e1dead9bb737a7af2283c05330d18a64800883267193de05e5d85ed3f3
                                                                                      • Instruction Fuzzy Hash: 95112EB5E042188BEB58CFABD8002EEBAF7BFC8300F14D1798409E7255DB7849468F40
                                                                                      Function 04F7DFB8 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: +
                                                                                      • API String ID: 0-2126386893
                                                                                      • Opcode ID: 4879748c9b2b568e9065cab4d2e90f9bc786e80655358ad428827894382a839d
                                                                                      • Instruction ID: 5595acfea0e9b5254e70f3d9881ca1e2a3f75693aa21e0dab773da8d62b88cfe
                                                                                      • Opcode Fuzzy Hash: 4879748c9b2b568e9065cab4d2e90f9bc786e80655358ad428827894382a839d
                                                                                      • Instruction Fuzzy Hash: C111F171E056188BEB18CF6788046DEFAF7AFC9300F14C17BC819A7214EB7419469F40
                                                                                      Function 04F76CB8 Relevance: .4, Instructions: 431COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1da164ed5b509be5da1da808f374339c3f22958ac00982c06f9d958272eda007
                                                                                      • Instruction ID: 4107f244fc2d8b6a2de0ee72f68b57ef28a3538ed11c8a8144f49bdb25d2a9c6
                                                                                      • Opcode Fuzzy Hash: 1da164ed5b509be5da1da808f374339c3f22958ac00982c06f9d958272eda007
                                                                                      • Instruction Fuzzy Hash: E212B671E006588FDB14CFAAC98069EFBF2BF88304F24C56AD459EB219D734A946CF50
                                                                                      Function 0515F2A8 Relevance: .3, Instructions: 342COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eca67d6f68f8bf4df26555cb2a2841227230c027d1547ac0ff3ee49a6ea1ef84
                                                                                      • Instruction ID: 533630776728d72b5e2d3c2149e17f21003acc6ac0592c211e4b87772c0810bf
                                                                                      • Opcode Fuzzy Hash: eca67d6f68f8bf4df26555cb2a2841227230c027d1547ac0ff3ee49a6ea1ef84
                                                                                      • Instruction Fuzzy Hash: 0DE11C74A00204CFDB14DF68C588A6EBBF2FF88320F658599E915AB365DB34EC46CB50
                                                                                      Function 0515A940 Relevance: .2, Instructions: 247COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48390b83a38d6d20135a1ff5b0a23c03051414a85224022d1284bda32ffb19d6
                                                                                      • Instruction ID: a9733f904358245797218bd81ec60eae89f186d708cbb3634e968a2be84f2cd6
                                                                                      • Opcode Fuzzy Hash: 48390b83a38d6d20135a1ff5b0a23c03051414a85224022d1284bda32ffb19d6
                                                                                      • Instruction Fuzzy Hash: F2B13674E45218CFDB24DF69D984BADBBF2BF88311F2081AAD819A7345DB346985CF00
                                                                                      Function 04D05210 Relevance: .2, Instructions: 245COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ebcf29948ddc6c9330957f5b4818670747451bb78f5e604d3dfd93b2bf6e3502
                                                                                      • Instruction ID: 611fdc79f48af01981cbe77ba62214e7b20db2eab7a6aebf9eca1123599c3c9d
                                                                                      • Opcode Fuzzy Hash: ebcf29948ddc6c9330957f5b4818670747451bb78f5e604d3dfd93b2bf6e3502
                                                                                      • Instruction Fuzzy Hash: AEC18475E016188FDB18DF6AD944ADDBBF2BF89300F14C1AAD909AB365DB305A81CF50
                                                                                      Function 05183F90 Relevance: .2, Instructions: 235COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4ba5d7e70a8dd305d34ec47b87951e3a6e7aa66a5d55007c5cd6d8f803d3801d
                                                                                      • Instruction ID: d85dfb4da3d88496fc226be4aae9eca16a8fae5900598d7ec4b199798a2642e1
                                                                                      • Opcode Fuzzy Hash: 4ba5d7e70a8dd305d34ec47b87951e3a6e7aa66a5d55007c5cd6d8f803d3801d
                                                                                      • Instruction Fuzzy Hash: E4A13374E05218CFDB24EF68D445BEEBBF2BB89304F2190A9E409A7355DB74A985CF40
                                                                                      Function 05183FB8 Relevance: .2, Instructions: 223COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e8193c3f4b1d7ad4f4c0f5b8210789d94823a4696405780bb33ef6d6e1d869c1
                                                                                      • Instruction ID: beb79c5ff17d45b50a65a6a5ef8b3c37802319e1e39bf2fdb7885464da3bcd93
                                                                                      • Opcode Fuzzy Hash: e8193c3f4b1d7ad4f4c0f5b8210789d94823a4696405780bb33ef6d6e1d869c1
                                                                                      • Instruction Fuzzy Hash: F0914574E05619CFDB24EF68D444BAEBBF2BB89304F219069E409A7355DB74AD85CF00
                                                                                      Function 0518409D Relevance: .2, Instructions: 216COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c40dab558fe754d6247b7617bf537c1297bc618ba0236e852cd99477a38c4092
                                                                                      • Instruction ID: 5fa644aa06176c42621347486d9311a8eb17191655af40b11324603100e9330f
                                                                                      • Opcode Fuzzy Hash: c40dab558fe754d6247b7617bf537c1297bc618ba0236e852cd99477a38c4092
                                                                                      • Instruction Fuzzy Hash: C0914474E05619CFDB24EFA8D444BAEBBF2BB89304F219069D409A7359DB74AD85CF00
                                                                                      Function 0532E538 Relevance: .2, Instructions: 202COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6a1c56cc52302846a6a8662a69402e5f6fa22d3e7012ef0c4e3d25e1704aa976
                                                                                      • Instruction ID: 9d61710d0ce90f3256a3ca7b19bfe377a5c00ef9acbb783aa7e5a2c605b13266
                                                                                      • Opcode Fuzzy Hash: 6a1c56cc52302846a6a8662a69402e5f6fa22d3e7012ef0c4e3d25e1704aa976
                                                                                      • Instruction Fuzzy Hash: 23814770E05628CFEB24DFA9C845BADBBFAFF49304F2084A9D009A7640DB709985DF51
                                                                                      Function 0513C198 Relevance: .2, Instructions: 197COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27bcce8addce63929952f661afa4990b6072112a29fd1935141987d80599bf54
                                                                                      • Instruction ID: 551e07a6146a11df3b97f728937375cede0ab81bfa12a7c0ca7d21862514dd16
                                                                                      • Opcode Fuzzy Hash: 27bcce8addce63929952f661afa4990b6072112a29fd1935141987d80599bf54
                                                                                      • Instruction Fuzzy Hash: 86810174A05218CFDB14EFA8D8557ADBBB2BF89304F219169E409A7389DB346D86CF40
                                                                                      Function 0513C1A8 Relevance: .2, Instructions: 193COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339334574.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5130000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b0f50254070332878b30e77213dec990d1c7329cfe34d217d5d3a1a5b7f0d68c
                                                                                      • Instruction ID: 93c5c61c7dd5ffe77bb9adc782915c678366d01c98d6ab6d07f374d17a7eee04
                                                                                      • Opcode Fuzzy Hash: b0f50254070332878b30e77213dec990d1c7329cfe34d217d5d3a1a5b7f0d68c
                                                                                      • Instruction Fuzzy Hash: FC811074A05218CFDB14EFA8D8557ADBBF2BF89304F209169E409A7389DB346D86CF40
                                                                                      Function 04F76CA8 Relevance: .1, Instructions: 141COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fcbc5afdd6d4816aab95783c864d2ded8736d504692fb693287b90f1b317c80b
                                                                                      • Instruction ID: c6dff023a66127aed965cb9021f30dce986b6f7c9d3a93c90161a48bde704db3
                                                                                      • Opcode Fuzzy Hash: fcbc5afdd6d4816aab95783c864d2ded8736d504692fb693287b90f1b317c80b
                                                                                      • Instruction Fuzzy Hash: 4551ABB5E016599BEB08CFABC94069EFBF3BFC8300F14C16AD808EB254DB3459468B50
                                                                                      Function 04D005FC Relevance: .1, Instructions: 118COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 818f851a9a82e9e14d8357c9e6ebdead11a9c6f1fb7c896c7dc0ba99b29dfa91
                                                                                      • Instruction ID: c96925b4633b76dde6193dd257bd4ef2b885d8512483f858db0786a89781f24d
                                                                                      • Opcode Fuzzy Hash: 818f851a9a82e9e14d8357c9e6ebdead11a9c6f1fb7c896c7dc0ba99b29dfa91
                                                                                      • Instruction Fuzzy Hash: 3341F0B4D043489FDB15CFA9D984BAEBBF1BB89310F209129E414BB390D778A985CF45
                                                                                      Function 04D00608 Relevance: .1, Instructions: 114COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e964f930c654df01eb2088cf3174af2c27ad3981df5559b61ad474e0a6c2662
                                                                                      • Instruction ID: 94f09ae66a7ca5c8ad63e7d5a17c7531d9b84f78bea9f74f4680eefd453b88b7
                                                                                      • Opcode Fuzzy Hash: 1e964f930c654df01eb2088cf3174af2c27ad3981df5559b61ad474e0a6c2662
                                                                                      • Instruction Fuzzy Hash: 9841E0B4D003489FDB15CFA9D985BAEBBF1BB49310F209129E414BB390D778A985CF45
                                                                                      Function 04D0D5F8 Relevance: .1, Instructions: 98COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c52adaf27997c64ef808ba26da7be34dfd1d72e1bd15494215de28ac42f8977e
                                                                                      • Instruction ID: 5702c1beaf18feb913d6d7e029afdf653fd0fbedc626ad00a84ddf82174ed1e6
                                                                                      • Opcode Fuzzy Hash: c52adaf27997c64ef808ba26da7be34dfd1d72e1bd15494215de28ac42f8977e
                                                                                      • Instruction Fuzzy Hash: 7941B4B0D05668CBDB28CFAAC9447DDFBF6AB89300F50C4AAD44DAB254D7745A84CF40
                                                                                      Function 04F7736F Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cc7ce2c49c4ec398349e05f4d20ff380ac874511f4f3f8701650dcd2dc1c8f65
                                                                                      • Instruction ID: 4c3647f8f23194b188dffbcfc6ce4fd11df7d1a3d31a6ce03b09a8599d49d0f0
                                                                                      • Opcode Fuzzy Hash: cc7ce2c49c4ec398349e05f4d20ff380ac874511f4f3f8701650dcd2dc1c8f65
                                                                                      • Instruction Fuzzy Hash: 1F3141B1E05A588BEB5CCF6B8C4169EFBF3AFC9200F14C0B9851CAA255EB3455468F14
                                                                                      Function 04F77380 Relevance: .1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6769515e635ebdfae7f0623a03a74beb6c66e39e901957cfa082b2bf4677ef7e
                                                                                      • Instruction ID: 0a4c5241e822a184aadd25443e93aad7165c6908fd13fe142ce5d9fd98fbd9e2
                                                                                      • Opcode Fuzzy Hash: 6769515e635ebdfae7f0623a03a74beb6c66e39e901957cfa082b2bf4677ef7e
                                                                                      • Instruction Fuzzy Hash: 933143B1E04658CBEB5CCF6B8C4069EFAF7AFC9300F14C0BA891CAA255EB3415468F15
                                                                                      Function 05310007 Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 28c99b55547dafedf5acff31e475eb40e8c06bfecb74845c79234ef679099b7d
                                                                                      • Instruction ID: 96febc1212857e6f6bb77c2d3370be15267825ac6a1533b2d501e45b6b595d8d
                                                                                      • Opcode Fuzzy Hash: 28c99b55547dafedf5acff31e475eb40e8c06bfecb74845c79234ef679099b7d
                                                                                      • Instruction Fuzzy Hash: 5E313A71D057548BEB29CF6ACC4479ABAF6BF85300F05C1FAD40CAA266EB7409C58F14
                                                                                      Function 04F70828 Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2338385171.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4f70000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7a414803300ba5f01efd50d715691da09668a4b5afd551b80aa7daface0015c5
                                                                                      • Instruction ID: e43e8ec8348176f6cfb84863cb60fe3488ecebee71539b21ae9f7e6c3a73f6fa
                                                                                      • Opcode Fuzzy Hash: 7a414803300ba5f01efd50d715691da09668a4b5afd551b80aa7daface0015c5
                                                                                      • Instruction Fuzzy Hash: 9B318FB1D056589BEB1DCF279C4169AFBF7AFC9200F04C1BA981CA6255DB741B868F10
                                                                                      Function 05310040 Relevance: .1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339915725.0000000005310000.00000040.00000800.00020000.00000000.sdmp, Offset: 05310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5310000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8ef1dde543fd2b2c2115f0bfbaaa3e84566e1ab9e301f958504093b0f431aa77
                                                                                      • Instruction ID: db71447f3d8fb45916ffd1d9d1ffeff31749a50958057a74e6013fb3a6629f0e
                                                                                      • Opcode Fuzzy Hash: 8ef1dde543fd2b2c2115f0bfbaaa3e84566e1ab9e301f958504093b0f431aa77
                                                                                      • Instruction Fuzzy Hash: BB31CC75D05618CBEB68CF2BC84879AB6F7BB88300F04C1FAD80DA6255DB740AC58F44
                                                                                      Function 05150006 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339421881.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5150000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 635534c9b39be7a1c676a3da9b3e5319fe04346cfa769359eec4127c918962c3
                                                                                      • Instruction ID: 0bfa0aeb8e4f8697c2cedcef8f16d621b71189e207a2e144270e8f91f4dca75f
                                                                                      • Opcode Fuzzy Hash: 635534c9b39be7a1c676a3da9b3e5319fe04346cfa769359eec4127c918962c3
                                                                                      • Instruction Fuzzy Hash: EB211CB1D057948FD719CFA78C0028EBBB3ABCA300F49C1AAD458AB266E7740945CF01
                                                                                      Function 05172118 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 011543f59634a4b41e881ebbef0d75f19fd7abd7e7029a774518ab2e5104f7ed
                                                                                      • Instruction ID: 21fe623a57e784ab04a03822a7919e147a3d8f1c08712d67d9fa0dd7975757ec
                                                                                      • Opcode Fuzzy Hash: 011543f59634a4b41e881ebbef0d75f19fd7abd7e7029a774518ab2e5104f7ed
                                                                                      • Instruction Fuzzy Hash: 0121FEB5D04218DFDB14CFA9D981AEEBBF4FB49320F10902AE914B7240C735A941CFA4
                                                                                      Function 04D01A80 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a0fd543672724e5bb039221fbaa502087154cd28cdd4815c64823544141d2718
                                                                                      • Instruction ID: aa90cc8ec9a9269480b3faafe72f68c84be4877fc479d500fa60efbe4dd245dd
                                                                                      • Opcode Fuzzy Hash: a0fd543672724e5bb039221fbaa502087154cd28cdd4815c64823544141d2718
                                                                                      • Instruction Fuzzy Hash: C23189B1E046188BEB18CF6BC94478EFAF7AFC9304F14C1A9C44CA7255EB7559858F11
                                                                                      Function 04D01A71 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2337526011.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_4d00000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6eaf1b7567621669fde1e1990b0db010d7b91be61a6ece2e98cbd3f1c8b414c8
                                                                                      • Instruction ID: 8ebf027051701c9845188fa42e73974e23115be12b5b305c393b86dbf04a6ea1
                                                                                      • Opcode Fuzzy Hash: 6eaf1b7567621669fde1e1990b0db010d7b91be61a6ece2e98cbd3f1c8b414c8
                                                                                      • Instruction Fuzzy Hash: A3318BB1E056588BEB18CF6BC94479EFAF7AFC5304F14C1A9C448AA265DB7409858F01
                                                                                      Function 05172120 Relevance: .1, Instructions: 66COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339529000.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5170000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7d86c3cfbb986ab92e0eb0f7425e1ec3ebf02951577e8f045819048ebd3634f3
                                                                                      • Instruction ID: 7eff929df76c52940b66d1a8169439de4e7cec0faca295aa03650d379b5558fd
                                                                                      • Opcode Fuzzy Hash: 7d86c3cfbb986ab92e0eb0f7425e1ec3ebf02951577e8f045819048ebd3634f3
                                                                                      • Instruction Fuzzy Hash: 9F21EDB9D04218DFDB14CFA9D980AEEFBF4BB49320F10901AE915B7200C775A941CFA4
                                                                                      Function 051815F0 Relevance: .1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2339559726.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5180000_Shipping Docs Waybill No 2009 xxxx 351.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5d00f5c8744f1ccb7da718b22f5bb9641037e7088a02113da778e73b7d6fe9ec
                                                                                      • Instruction ID: ac6eae76e42140100974c73fe42e57d4bd771cfb549f30a6807ca175f24e772d
                                                                                      • Opcode Fuzzy Hash: 5d00f5c8744f1ccb7da718b22f5bb9641037e7088a02113da778e73b7d6fe9ec
                                                                                      • Instruction Fuzzy Hash: 9621A4B2D056189BEB28CF9BD8547EDBBF7BB88300F14C16AD509AA254DB740946CF50

                                                                                      Execution Graph

                                                                                      Execution Coverage:13%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:188
                                                                                      Total number of Limit Nodes:20
                                                                                      execution_graph 40236 111d030 40237 111d048 40236->40237 40238 111d0a2 40237->40238 40245 6833440 40237->40245 40249 68334a3 40237->40249 40254 6837acb 40237->40254 40260 6831f14 40237->40260 40268 6837ae6 40237->40268 40276 6833450 40237->40276 40246 6833476 40245->40246 40247 6831f14 CallWindowProcW 40246->40247 40248 6833497 40247->40248 40248->40238 40250 6833474 40249->40250 40251 68334aa 40249->40251 40252 6831f14 CallWindowProcW 40250->40252 40253 6833497 40252->40253 40253->40238 40255 6837b3a 40254->40255 40256 6837acf 40254->40256 40257 6837b47 40255->40257 40280 6837c60 40255->40280 40284 6837c70 40255->40284 40256->40238 40263 6831f1f 40260->40263 40261 6837b49 40262 6836a94 CallWindowProcW 40261->40262 40265 6837b47 40262->40265 40263->40261 40264 6837b39 40263->40264 40266 6837c60 CallWindowProcW 40264->40266 40267 6837c70 CallWindowProcW 40264->40267 40266->40265 40267->40265 40271 6837b15 40268->40271 40269 6837b49 40270 6836a94 CallWindowProcW 40269->40270 40273 6837b47 40270->40273 40271->40269 40272 6837b39 40271->40272 40274 6837c60 CallWindowProcW 40272->40274 40275 6837c70 CallWindowProcW 40272->40275 40274->40273 40275->40273 40277 6833476 40276->40277 40278 6831f14 CallWindowProcW 40277->40278 40279 6833497 40278->40279 40279->40238 40281 6837c70 40280->40281 40283 6837d56 40281->40283 40288 6836a94 40281->40288 40283->40257 40286 6837c7e 40284->40286 40285 6836a94 CallWindowProcW 40285->40286 40286->40285 40287 6837d56 40286->40287 40287->40257 40289 6836a9f 40288->40289 40290 6837e0a CallWindowProcW 40289->40290 40291 6837db9 40289->40291 40290->40291 40291->40281 40331 11c09cd 40333 11c084e 40331->40333 40332 11c091b 40333->40332 40336 11c147f 40333->40336 40348 11c1352 40333->40348 40337 11c1455 40336->40337 40340 11c1487 40336->40340 40339 11c1366 40337->40339 40382 11c8829 40337->40382 40338 11c147a 40338->40333 40339->40338 40341 11c8829 2 API calls 40339->40341 40347 11c147f 5 API calls 40339->40347 40358 6830200 40339->40358 40366 6830210 40339->40366 40374 11c8128 40339->40374 40378 11c8119 40339->40378 40340->40333 40341->40339 40347->40339 40350 11c12b6 40348->40350 40351 11c135b 40348->40351 40349 11c147a 40349->40333 40350->40333 40351->40349 40352 11c8829 2 API calls 40351->40352 40353 11c8128 MoveFileA 40351->40353 40354 11c8119 MoveFileA 40351->40354 40355 6830200 2 API calls 40351->40355 40356 6830210 2 API calls 40351->40356 40357 11c147f 5 API calls 40351->40357 40352->40351 40353->40351 40354->40351 40355->40351 40356->40351 40357->40351 40359 6830210 40358->40359 40361 68302d3 40359->40361 40387 6830440 40359->40387 40392 6830450 40359->40392 40361->40339 40367 6830222 40366->40367 40369 68302d3 40367->40369 40370 6830440 GetModuleHandleW 40367->40370 40371 6830450 GetModuleHandleW 40367->40371 40368 6830299 40372 6838060 KiUserCallbackDispatcher 40368->40372 40373 6838070 KiUserCallbackDispatcher 40368->40373 40369->40339 40370->40368 40371->40368 40372->40369 40373->40369 40376 11c8147 40374->40376 40375 11c8202 40375->40339 40376->40375 40431 11c77a8 40376->40431 40380 11c8147 40378->40380 40379 11c8202 40379->40339 40380->40379 40381 11c77a8 MoveFileA 40380->40381 40381->40379 40384 11c8833 40382->40384 40383 11c88e9 40383->40339 40384->40383 40435 689f9b8 40384->40435 40440 689f9c8 40384->40440 40388 6830450 40387->40388 40405 68313d0 40388->40405 40414 68313bb 40388->40414 40393 683045d 40392->40393 40395 68313d0 GetModuleHandleW 40393->40395 40396 68313bb GetModuleHandleW 40393->40396 40394 6830299 40397 6838060 40394->40397 40401 6838070 40394->40401 40395->40394 40396->40394 40398 6838078 40397->40398 40400 683809b 40398->40400 40427 6836aec 40398->40427 40400->40361 40402 6838078 40401->40402 40403 6836aec KiUserCallbackDispatcher 40402->40403 40404 683809b 40402->40404 40403->40402 40404->40361 40406 68313fb 40405->40406 40407 68307c4 GetModuleHandleW 40406->40407 40408 6831462 40407->40408 40412 68307c4 GetModuleHandleW 40408->40412 40423 6831898 40408->40423 40409 683147e 40410 68307d4 GetModuleHandleW 40409->40410 40411 68314aa 40409->40411 40410->40411 40412->40409 40415 68313fb 40414->40415 40416 68307c4 GetModuleHandleW 40415->40416 40417 6831462 40416->40417 40421 68307c4 GetModuleHandleW 40417->40421 40422 6831898 GetModuleHandleW 40417->40422 40418 683147e 40419 68307d4 GetModuleHandleW 40418->40419 40420 68314aa 40418->40420 40419->40420 40421->40418 40422->40418 40425 68318a7 40423->40425 40424 68318b3 40424->40409 40425->40424 40426 6831acb GetModuleHandleW 40425->40426 40426->40424 40428 68380b0 KiUserCallbackDispatcher 40427->40428 40430 683811e 40428->40430 40430->40398 40432 11c8640 MoveFileA 40431->40432 40434 11c86df 40432->40434 40434->40375 40437 689f9c8 40435->40437 40436 689fbf2 40436->40383 40437->40436 40438 689fc09 GlobalMemoryStatusEx GlobalMemoryStatusEx 40437->40438 40439 689fe6c GlobalMemoryStatusEx GlobalMemoryStatusEx 40437->40439 40438->40437 40439->40437 40442 689f9dd 40440->40442 40441 689fbf2 40441->40383 40442->40441 40443 689fc09 GlobalMemoryStatusEx GlobalMemoryStatusEx 40442->40443 40444 689fe6c GlobalMemoryStatusEx GlobalMemoryStatusEx 40442->40444 40443->40442 40444->40442 40292 6838ac0 40293 6838b1a OleGetClipboard 40292->40293 40294 6838b5a 40293->40294 40295 6836ee0 DuplicateHandle 40296 6836f76 40295->40296 40445 11c8068 40446 11c80ae DeleteFileW 40445->40446 40448 11c80e7 40446->40448 40297 68335c8 40298 68335cb 40297->40298 40301 68335e9 40297->40301 40303 68307c4 40298->40303 40302 6833657 40301->40302 40307 68307d4 40301->40307 40304 68307cf 40303->40304 40305 68318b3 40304->40305 40311 6831acb 40304->40311 40305->40301 40308 6831df0 GetModuleHandleW 40307->40308 40310 6831e65 40308->40310 40310->40302 40312 68307d4 GetModuleHandleW 40311->40312 40313 6831ae9 40312->40313 40314 68307d4 GetModuleHandleW 40313->40314 40319 6831cb4 40313->40319 40315 6831c3a 40314->40315 40316 68307d4 GetModuleHandleW 40315->40316 40315->40319 40317 6831c88 40316->40317 40318 68307d4 GetModuleHandleW 40317->40318 40317->40319 40318->40319 40319->40305 40320 6831de8 40321 6831e32 40320->40321 40322 6831e38 GetModuleHandleW 40320->40322 40321->40322 40323 6831e65 40322->40323 40324 6838928 40325 6838933 40324->40325 40326 6838943 40325->40326 40328 6838398 40325->40328 40329 6838978 OleInitialize 40328->40329 40330 68389dc 40329->40330 40330->40326 40449 6833298 40450 6833300 CreateWindowExW 40449->40450 40452 68333bc 40450->40452 40452->40452 40453 6836c98 40454 6836c99 GetCurrentProcess 40453->40454 40456 6836d30 GetCurrentThread 40454->40456 40457 6836d29 40454->40457 40458 6836d66 40456->40458 40459 6836d6d GetCurrentProcess 40456->40459 40457->40456 40458->40459 40460 6836da3 40459->40460 40461 6836dcb GetCurrentThreadId 40460->40461 40462 6836dfc 40461->40462

                                                                                      Executed Functions

                                                                                      Function 068955E8 Relevance: 1.8, Strings: 1, Instructions: 594COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $
                                                                                      • API String ID: 0-3993045852
                                                                                      • Opcode ID: 09b9fb5de0da9a845a8e112e1dd5423fb8cb3b9f7b5b8178d70ac65ded2dd465
                                                                                      • Instruction ID: eecac15a7104d6c2ed4ab7d0f9d5bdd1c676427e197f218934868333d4ff4d84
                                                                                      • Opcode Fuzzy Hash: 09b9fb5de0da9a845a8e112e1dd5423fb8cb3b9f7b5b8178d70ac65ded2dd465
                                                                                      • Instruction Fuzzy Hash: 7922C231E102599FDF66CBA4D4806AEB7B2FF85310F288469D646EB384DB71DC41CBA1
                                                                                      Function 06896638 Relevance: .8, Instructions: 820COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d5d2a561df64b9240f9ae3f82f761795a2b171b260803bd58b6dd9ff91911cbb
                                                                                      • Instruction ID: 025e699c3e4ac16313415dcd8b23e520f17804fbe1698669ed0c83c7594a46cf
                                                                                      • Opcode Fuzzy Hash: d5d2a561df64b9240f9ae3f82f761795a2b171b260803bd58b6dd9ff91911cbb
                                                                                      • Instruction Fuzzy Hash: 7C628C34B102158FEF54DB68D584AADB7F2EF88314F188569E506EB394EB35EC81CB90
                                                                                      Function 0689C5D8 Relevance: .6, Instructions: 639COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8ceb921c36e5fd0a8c72d2e61005fc9fd9ef1e2b69b2cf0071219b7783f1da4b
                                                                                      • Instruction ID: ddf80638a7d8c689e110c0dd5bd782307c5bddc30b7ddff183a52978158dfccb
                                                                                      • Opcode Fuzzy Hash: 8ceb921c36e5fd0a8c72d2e61005fc9fd9ef1e2b69b2cf0071219b7783f1da4b
                                                                                      • Instruction Fuzzy Hash: 90327D34B10219CFDF55DB69D880AAEBBB2FB88310F149529E606E7355DB35EC41CBA0
                                                                                      Function 0689B269 Relevance: .6, Instructions: 565COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3eeb2f34241a890cd9df71c26024e6e5cfa8b7114141aed7a93decee7dd28415
                                                                                      • Instruction ID: 52ba2a21839dda6552291778a36a5191d151c6d325ed8c7c969916985b6f5370
                                                                                      • Opcode Fuzzy Hash: 3eeb2f34241a890cd9df71c26024e6e5cfa8b7114141aed7a93decee7dd28415
                                                                                      • Instruction Fuzzy Hash: D4226530E111098FEF64DBA9E4807AFB7B2FB89310F288526E515EB395DA74DC41CB61
                                                                                      Function 068934A8 Relevance: .5, Instructions: 545COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bbbe4722aa65c6fcbeb3559cd133f7975940acb2ac223befdec9162f2518dad2
                                                                                      • Instruction ID: cec4e514042b4d7dd330d326ac0134c3b6e7be592a79c042d2ad32e5d41808b3
                                                                                      • Opcode Fuzzy Hash: bbbe4722aa65c6fcbeb3559cd133f7975940acb2ac223befdec9162f2518dad2
                                                                                      • Instruction Fuzzy Hash: AF324E30E1065ACFDB14EF75D8905ADB7B2BFC9300F15C6AAD40AA7214EF70A981CB91
                                                                                      Function 06897DC8 Relevance: .5, Instructions: 473COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8337fcd0583dc647de58df1efbb7d94db58df5f797dbf4007fc5bc3d1e4e768b
                                                                                      • Instruction ID: da0ad3175b61a3bd6dd916104680680b40954fbd988437d1d5f227e366988faa
                                                                                      • Opcode Fuzzy Hash: 8337fcd0583dc647de58df1efbb7d94db58df5f797dbf4007fc5bc3d1e4e768b
                                                                                      • Instruction Fuzzy Hash: D7029E30B112168FDF54DB64D890BAEB7A2FF85300F288969D506DB394DB75EC42CBA0
                                                                                      Function 06895D1B Relevance: .4, Instructions: 419COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ada76dc29eb2528c3dd58903b52c556a9270234b54fab81060077c0ba6f0269
                                                                                      • Instruction ID: c519f0f8b97b116cbbab871a9adb6878e86a2d1c7203d91bd1be97256c1d5905
                                                                                      • Opcode Fuzzy Hash: 2ada76dc29eb2528c3dd58903b52c556a9270234b54fab81060077c0ba6f0269
                                                                                      • Instruction Fuzzy Hash: 5AE1E131B101148FDF65DB68C484AAEBBF2FB89310F29846AE546DB391DB71DC41C7A1
                                                                                      Function 06836C89 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 06836D16
                                                                                      • GetCurrentThread.KERNEL32 ref: 06836D53
                                                                                      • GetCurrentProcess.KERNEL32 ref: 06836D90
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 06836DE9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: 02d2b9ecf3ed1c11867849ede9a9095d01f65cce123831d31cd620497e0d8d8e
                                                                                      • Instruction ID: 3ed8960d13e182888e4df66da50420b0cf901449133bbce85bd0173d0a192de8
                                                                                      • Opcode Fuzzy Hash: 02d2b9ecf3ed1c11867849ede9a9095d01f65cce123831d31cd620497e0d8d8e
                                                                                      • Instruction Fuzzy Hash: 2751A9B090134ADFDB54CFA9D948B9EBFF1EF88314F208459D109A7250DB759884CBA1
                                                                                      Function 06836C98 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 06836D16
                                                                                      • GetCurrentThread.KERNEL32 ref: 06836D53
                                                                                      • GetCurrentProcess.KERNEL32 ref: 06836D90
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 06836DE9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: 8699f61b1807b1a1a1c44a410a97eb1064973fbda17ac9177aa029150624fe71
                                                                                      • Instruction ID: 9d574b51dac5100d8760288cdd1795c12cb2268584b33a6f6cd874fb25df241d
                                                                                      • Opcode Fuzzy Hash: 8699f61b1807b1a1a1c44a410a97eb1064973fbda17ac9177aa029150624fe71
                                                                                      • Instruction Fuzzy Hash: 7C5177B090034ADFDB54DFAAD948B9EBBF1FF88314F208419D209A7260DB759984CF65
                                                                                      Function 0683328F Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 888 683328f-68332fe 890 6833300-6833306 888->890 891 6833309-6833310 888->891 890->891 892 6833312-6833318 891->892 893 683331b-6833353 891->893 892->893 894 683335b-68333ba CreateWindowExW 893->894 895 68333c3-68333fb 894->895 896 68333bc-68333c2 894->896 900 6833408 895->900 901 68333fd-6833400 895->901 896->895 902 6833409 900->902 901->900 902->902
                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 068333AA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: 87ec08c0df4c0b1755d50cbbf55b7f7a9c67211e2725c324839d847da885bc93
                                                                                      • Instruction ID: 7b397360c3c1e0b6e7c6bbed40c5b766e1a2e911ae115ee7b9b788c8c11cd2ad
                                                                                      • Opcode Fuzzy Hash: 87ec08c0df4c0b1755d50cbbf55b7f7a9c67211e2725c324839d847da885bc93
                                                                                      • Instruction Fuzzy Hash: E751E1B1D003599FDB14CF99D880ADEFFB5BF48310F24822AE419AB210D7759845CF90
                                                                                      Function 06833221 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 873 6833221-68332fe 875 6833300-6833306 873->875 876 6833309-6833310 873->876 875->876 877 6833312-6833318 876->877 878 683331b-6833353 876->878 877->878 879 683335b-68333ba CreateWindowExW 878->879 880 68333c3-68333fb 879->880 881 68333bc-68333c2 879->881 885 6833408 880->885 886 68333fd-6833400 880->886 881->880 887 6833409 885->887 886->885 887->887
                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 068333AA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: 22f9eb8d3505317e2239b03b2f116635b81f9e9abd8cb7f3a04d7c2903bfe2da
                                                                                      • Instruction ID: f2b4d6d9510028f71967ac1184c6c4c3ff4bbadca430571810d3699e41d7d530
                                                                                      • Opcode Fuzzy Hash: 22f9eb8d3505317e2239b03b2f116635b81f9e9abd8cb7f3a04d7c2903bfe2da
                                                                                      • Instruction Fuzzy Hash: F451DFB1D003999FDB14CFA9D884ADEFFB1BF48314F24812AE419AB250D7759845CF90
                                                                                      Function 06833298 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 903 6833298-68332fe 904 6833300-6833306 903->904 905 6833309-6833310 903->905 904->905 906 6833312-6833318 905->906 907 683331b-68333ba CreateWindowExW 905->907 906->907 909 68333c3-68333fb 907->909 910 68333bc-68333c2 907->910 914 6833408 909->914 915 68333fd-6833400 909->915 910->909 916 6833409 914->916 915->914 916->916
                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 068333AA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: d91f5961947fc746173e3b329301b8e5201dafcf85beae7c1cbfc80bc9b8000f
                                                                                      • Instruction ID: 737a0366ed08bceb6ae5b57e1b4b2077aa9d91e9207b7eafc51025a31c16484a
                                                                                      • Opcode Fuzzy Hash: d91f5961947fc746173e3b329301b8e5201dafcf85beae7c1cbfc80bc9b8000f
                                                                                      • Instruction Fuzzy Hash: B841AEB1D003599FDB14CF9AD884ADEFFB5BF48314F24812AE919AB210DB75A845CF90
                                                                                      Function 06836A94 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 917 6836a94-6837dac 920 6837db2-6837db7 917->920 921 6837e5c-6837e7c call 6831f14 917->921 923 6837e0a-6837e42 CallWindowProcW 920->923 924 6837db9-6837df0 920->924 929 6837e7f-6837e8c 921->929 925 6837e44-6837e4a 923->925 926 6837e4b-6837e5a 923->926 930 6837df2-6837df8 924->930 931 6837df9-6837e08 924->931 925->926 926->929 930->931 931->929
                                                                                      APIs
                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 06837E31
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallProcWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2714655100-0
                                                                                      • Opcode ID: f06534fe154771a93cb5fd54327465e13f769241f2e41bb71d27ef4b52817f70
                                                                                      • Instruction ID: 4ce52d0b49050ca667dfd0b3f0ffd793d23b2f2cc7557cbdc5d3a9b1199b83d3
                                                                                      • Opcode Fuzzy Hash: f06534fe154771a93cb5fd54327465e13f769241f2e41bb71d27ef4b52817f70
                                                                                      • Instruction Fuzzy Hash: 5E4136B4900359CFDB54CF99C888AAEBBF5FB88714F248458D519AB321D774E841CBA4
                                                                                      Function 011CF3EB Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 934 11cf3eb-11cf3f0 935 11cf3b5-11cf3e9 934->935 936 11cf3f2-11cf411 934->936 941 11cf417-11cf4a4 GlobalMemoryStatusEx 936->941 942 11cf413-11cf416 936->942 948 11cf4ad-11cf4d5 941->948 949 11cf4a6-11cf4ac 941->949 949->948
                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNEL32 ref: 011CF497
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      • Opcode ID: e2da461481eb48204add843dbcda2c127d17c64c533bd11c1fd1dab8d0322f14
                                                                                      • Instruction ID: b0bb2c693be3a58d55a129134b4053f8a60072c0a2c2859dde6dea359b76f7aa
                                                                                      • Opcode Fuzzy Hash: e2da461481eb48204add843dbcda2c127d17c64c533bd11c1fd1dab8d0322f14
                                                                                      • Instruction Fuzzy Hash: 5731DC71D0839A8FCB04DFA9D80079EBFF5AF89210F1485AAD504E7241DB789946CBA1
                                                                                      Function 06838AB5 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 952 6838ab5-6838b10 953 6838b1a-6838b58 OleGetClipboard 952->953 954 6838b61-6838baf 953->954 955 6838b5a-6838b60 953->955 960 6838bb1-6838bb5 954->960 961 6838bbf 954->961 955->954 960->961 962 6838bb7 960->962 963 6838bc0 961->963 962->961 963->963
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Clipboard
                                                                                      • String ID:
                                                                                      • API String ID: 220874293-0
                                                                                      • Opcode ID: 931185bee18028871196da190c08baa46bfec09bf1a13fdfc119d9428d303d0e
                                                                                      • Instruction ID: 740780c5602a3caa663c663d14c97dacb801d7be63229709371d85a7132d6cdd
                                                                                      • Opcode Fuzzy Hash: 931185bee18028871196da190c08baa46bfec09bf1a13fdfc119d9428d303d0e
                                                                                      • Instruction Fuzzy Hash: 0A3120B0D01349DFDB60CF99C984BCEBBF1AF48714F208059E504AB390DBB4A845CB90
                                                                                      Function 06838AC0 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 964 6838ac0-6838b58 OleGetClipboard 966 6838b61-6838baf 964->966 967 6838b5a-6838b60 964->967 972 6838bb1-6838bb5 966->972 973 6838bbf 966->973 967->966 972->973 974 6838bb7 972->974 975 6838bc0 973->975 974->973 975->975
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Clipboard
                                                                                      • String ID:
                                                                                      • API String ID: 220874293-0
                                                                                      • Opcode ID: c27db81ba10056d1465df839297211691c6028d974ab441b32c82a7a7abac816
                                                                                      • Instruction ID: 2cbfb29cd3c65d76a0bf069f12f1232a0920b7e9f08f20b5133b8fcc3cf77342
                                                                                      • Opcode Fuzzy Hash: c27db81ba10056d1465df839297211691c6028d974ab441b32c82a7a7abac816
                                                                                      • Instruction Fuzzy Hash: 5A311FB0D01219DFDB50CF9AC985B8EBBF1AF48714F208059E504AB390DBB4A845CBA5
                                                                                      Function 011C77A8 Relevance: 1.6, APIs: 1, Instructions: 65fileCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 976 11c77a8-11c8692 979 11c869d-11c86a1 976->979 980 11c8694-11c869a 976->980 981 11c86a9-11c86dd MoveFileA 979->981 982 11c86a3-11c86a6 979->982 980->979 983 11c86df-11c86e5 981->983 984 11c86e6-11c86fa 981->984 982->981 983->984
                                                                                      APIs
                                                                                      • MoveFileA.KERNEL32(?,00000000,?,?), ref: 011C86D0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileMove
                                                                                      • String ID:
                                                                                      • API String ID: 3562171763-0
                                                                                      • Opcode ID: 5a76b7995fa8ffaf689cbab14e60dabaa5ecc6d69644736edfcf75a29d810516
                                                                                      • Instruction ID: 1c90214719b823928068bf59c04da50d1e226d0b87015711e4b9b2d9060626b8
                                                                                      • Opcode Fuzzy Hash: 5a76b7995fa8ffaf689cbab14e60dabaa5ecc6d69644736edfcf75a29d810516
                                                                                      • Instruction Fuzzy Hash: B12126B6C012199FCB54CF99D984ADEFBF1FB88710F24805AE918AB200C775A940CBA4
                                                                                      Function 011C863A Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 986 11c863a-11c8692 988 11c869d-11c86a1 986->988 989 11c8694-11c869a 986->989 990 11c86a9-11c86dd MoveFileA 988->990 991 11c86a3-11c86a6 988->991 989->988 992 11c86df-11c86e5 990->992 993 11c86e6-11c86fa 990->993 991->990 992->993
                                                                                      APIs
                                                                                      • MoveFileA.KERNEL32(?,00000000,?,?), ref: 011C86D0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileMove
                                                                                      • String ID:
                                                                                      • API String ID: 3562171763-0
                                                                                      • Opcode ID: 978def782202bf0a80669d21db12a3f7599e8bebcd6bd4569a2f2da745588787
                                                                                      • Instruction ID: 927a98857800a3cc2300a3c0172270ed2afbfb818f281c23e6b208c03a021413
                                                                                      • Opcode Fuzzy Hash: 978def782202bf0a80669d21db12a3f7599e8bebcd6bd4569a2f2da745588787
                                                                                      • Instruction Fuzzy Hash: 6C2127B6C012599FCB14CF99D584ADEFFF1FF88710F24805AE918AB204C7755940CBA0
                                                                                      Function 06836EE0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 995 6836ee0-6836f74 DuplicateHandle 996 6836f76-6836f7c 995->996 997 6836f7d-6836f9a 995->997 996->997
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06836F67
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: 194ec8ae6e3e887946668fce167fadb25b6b4d3aa09f10709bd329d1f2b8211f
                                                                                      • Instruction ID: ff60d53562e43c05f762e188939db227a2996ef6f8595a35a0efc6bedb22d337
                                                                                      • Opcode Fuzzy Hash: 194ec8ae6e3e887946668fce167fadb25b6b4d3aa09f10709bd329d1f2b8211f
                                                                                      • Instruction Fuzzy Hash: B321E3B5900249AFDB10CFAAD984ADEFBF4EB48320F14801AE914A3310D378A954CFA4
                                                                                      Function 011C8060 Relevance: 1.6, APIs: 1, Instructions: 61fileCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1000 11c8060-11c80b2 1003 11c80ba-11c80e5 DeleteFileW 1000->1003 1004 11c80b4-11c80b7 1000->1004 1005 11c80ee-11c8116 1003->1005 1006 11c80e7-11c80ed 1003->1006 1004->1003 1006->1005
                                                                                      APIs
                                                                                      • DeleteFileW.KERNEL32(00000000), ref: 011C80D8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: 78e32aeea768b84c41c7304a20385299d1eaee4f9c14ed9bbb47053cc2953f5c
                                                                                      • Instruction ID: b3eccf28d15bdc1a0a0271275f756cccb8e1b168a682a600f50652ec736dc6fd
                                                                                      • Opcode Fuzzy Hash: 78e32aeea768b84c41c7304a20385299d1eaee4f9c14ed9bbb47053cc2953f5c
                                                                                      • Instruction Fuzzy Hash: 892149B1C0065A9BCB14CF9AC941BDEFBB4BF48720F148129D918A7240D774A951CFA1
                                                                                      Function 06836ED8 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06836F67
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: 11b9a6a6e5e153e9a247fe14c21256d86dcd74b55a7407c1cfb64e7072b9188d
                                                                                      • Instruction ID: 025b8f9be01d4adc1d29f8de518f677cbae967342544079516efdbe705fa9f04
                                                                                      • Opcode Fuzzy Hash: 11b9a6a6e5e153e9a247fe14c21256d86dcd74b55a7407c1cfb64e7072b9188d
                                                                                      • Instruction Fuzzy Hash: 3521E3B5900259EFDB10CFA9D984ADEFBF4FB48324F24841AE958A3210D378A954CF64
                                                                                      Function 011C8068 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • DeleteFileW.KERNEL32(00000000), ref: 011C80D8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: a69ece478f74be3996b5a8448f87cc75b1f9b8d315068b77498672cb3d08f4a7
                                                                                      • Instruction ID: f3a090f373b7fb011424307d030917af19ad5d2996d854a0e558ee738dd4829b
                                                                                      • Opcode Fuzzy Hash: a69ece478f74be3996b5a8448f87cc75b1f9b8d315068b77498672cb3d08f4a7
                                                                                      • Instruction Fuzzy Hash: D91133B2C0065A9BDB14CF9AC545BAEFBB4FF48720F14812AD918A7240D778A950CFA5
                                                                                      Function 011CF430 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNEL32 ref: 011CF497
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4584119606.00000000011C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_11c0000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      • Opcode ID: 9c78c44faa9f09f89a84cfa7b8b050206fd150106d8f224727dc9d12059f367a
                                                                                      • Instruction ID: 5104d5b945059c24370fea2c712dbd6809627646ed91cd02ce1f171d4459d19c
                                                                                      • Opcode Fuzzy Hash: 9c78c44faa9f09f89a84cfa7b8b050206fd150106d8f224727dc9d12059f367a
                                                                                      • Instruction Fuzzy Hash: A61142B1C0025A9FCB10CF9AC444B9EFBF4AF48720F10812AE918A3240D378A900CFA1
                                                                                      Function 068307D4 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 06831E56
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: 5f0fd045b5538156fc01dcfbc3c775a4659cd4f8c19bc51189eeb18b2269854c
                                                                                      • Instruction ID: 7ef96728f1403106ab419b521048afdcb92312dd561c5897834881ad88b58371
                                                                                      • Opcode Fuzzy Hash: 5f0fd045b5538156fc01dcfbc3c775a4659cd4f8c19bc51189eeb18b2269854c
                                                                                      • Instruction Fuzzy Hash: A81132B6C003598FDB10CF9AC448B9EFBF4EB88624F10842AD569B7600C379A545CFA0
                                                                                      Function 06831DE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 06831E56
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: d41904fbad0103873bbb2bcdf5818eb0f8d9a4bcc3a64becceb32f6ca7e1ab36
                                                                                      • Instruction ID: 198ec948695834470cdbb05f43d75d50f37880eb77e8228d74d692356e88f603
                                                                                      • Opcode Fuzzy Hash: d41904fbad0103873bbb2bcdf5818eb0f8d9a4bcc3a64becceb32f6ca7e1ab36
                                                                                      • Instruction Fuzzy Hash: CD1132B6C007498FDB10CF9AC444BDEFBF4AF48724F20841AC969A3600D379A545CFA1
                                                                                      Function 06838398 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • OleInitialize.OLE32(00000000), ref: 068389CD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID:
                                                                                      • API String ID: 2538663250-0
                                                                                      • Opcode ID: ea1cb8dd3c26eece8b05bad017cc1c45cf62f8c9c35b6afda6bd097c348fe10e
                                                                                      • Instruction ID: 407ae141bac9404b79347fdbcf9d08fee34d7e370173fc433aa660d7b28905a5
                                                                                      • Opcode Fuzzy Hash: ea1cb8dd3c26eece8b05bad017cc1c45cf62f8c9c35b6afda6bd097c348fe10e
                                                                                      • Instruction Fuzzy Hash: 471103B18043498FDB50DF9AD445B9EFBF4EB48324F208559E618A7200D375A944CFA5
                                                                                      Function 06836AEC Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06838085), ref: 0683810F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      • Opcode ID: 26d7b0963bac8ce86759618a9cf8fe9f091e7098ea3eb4eef8b49281cd3f3893
                                                                                      • Instruction ID: 64590856dfee42e0d294cbfe35ac293ed65c32d57edd5c099f3ab4388adf03eb
                                                                                      • Opcode Fuzzy Hash: 26d7b0963bac8ce86759618a9cf8fe9f091e7098ea3eb4eef8b49281cd3f3893
                                                                                      • Instruction Fuzzy Hash: 8D1133B1800359CFCB60DF9AC844BDEFBF4EB48324F208419E618A3200D7B8A944CFA5
                                                                                      Function 068380A9 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06838085), ref: 0683810F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      • Opcode ID: d4358b783854e99135579529c72359a31e18568f9742003abf52cf41a2f5a7c1
                                                                                      • Instruction ID: dcba274a14fe6d23e66fc1c16781db220d26b3eb1bf8d2d8fdb9cf88e0b753b8
                                                                                      • Opcode Fuzzy Hash: d4358b783854e99135579529c72359a31e18568f9742003abf52cf41a2f5a7c1
                                                                                      • Instruction Fuzzy Hash: F91133B18003498FCB10CF9AC844BDEFBF4EF88324F20841AE918A3240D778A544CFA5
                                                                                      Function 06838971 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • OleInitialize.OLE32(00000000), ref: 068389CD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591626924.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6830000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID:
                                                                                      • API String ID: 2538663250-0
                                                                                      • Opcode ID: b182c53c29f62e923d72925e69ec7a3d9e080366e1d045fce7c031a9593b0af8
                                                                                      • Instruction ID: 026bff7a94ec682add26addbe87b0e4f5b96b3e4b1f9339b0e435658ff50642e
                                                                                      • Opcode Fuzzy Hash: b182c53c29f62e923d72925e69ec7a3d9e080366e1d045fce7c031a9593b0af8
                                                                                      • Instruction Fuzzy Hash: B31115B58003498FDB20DF9AD845BDEFFF4EB48324F248459E558A3200C779A544CFA5
                                                                                      Function 06892779 Relevance: 1.0, Instructions: 1017COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9cf10536c7c34659f231ee9a844806d9e5b3d14bc5a71b11d450af25b30feba1
                                                                                      • Instruction ID: 0f8f260033e86acdaf2d1692c244f2b50a0b1bcdcf41dd40489afd7b1d7915ea
                                                                                      • Opcode Fuzzy Hash: 9cf10536c7c34659f231ee9a844806d9e5b3d14bc5a71b11d450af25b30feba1
                                                                                      • Instruction Fuzzy Hash: 73926530E10204CFDBA4DF68C494A9DBBF2EB85314F5984AAD509EB351DB75ED81CBA0
                                                                                      Function 0689D3A0 Relevance: .8, Instructions: 799COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf45276fd529014ec5b6d8731740ed2c4676ba9a5dceac4ffbd0dbbd03f7b472
                                                                                      • Instruction ID: 0427abae0e9fe6eaec1a248136c88880550f36499963360f39dbf862cd2d12bf
                                                                                      • Opcode Fuzzy Hash: cf45276fd529014ec5b6d8731740ed2c4676ba9a5dceac4ffbd0dbbd03f7b472
                                                                                      • Instruction Fuzzy Hash: A8626A30A0061ACFDF59EB69D580A5DB7B2FF84304F249A28D105DB359DBB5EC46CB90
                                                                                      Function 0689AD10 Relevance: .4, Instructions: 392COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 968e1662722e37551ce6e85b2d5f0e418b320252684dc463284b71a4e3d85b49
                                                                                      • Instruction ID: e8de8d8658fee0a6a19beb23855db34e4d84747308f8b9d39ecdf2e7c3294406
                                                                                      • Opcode Fuzzy Hash: 968e1662722e37551ce6e85b2d5f0e418b320252684dc463284b71a4e3d85b49
                                                                                      • Instruction Fuzzy Hash: A5E15F30E1020ACFDF59DB69D4506AEB7B2FF89304F248529D915EB344DB74D846CB91
                                                                                      Function 0689B698 Relevance: .3, Instructions: 304COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aabc5079db6d76cd354d2fd57f4587808295e59761325d87aa4f89567a34c031
                                                                                      • Instruction ID: 3d29ba412fb8d2961e6778f42bc12aeaabc377d19dffc79e7358ac0bfa4e5d2b
                                                                                      • Opcode Fuzzy Hash: aabc5079db6d76cd354d2fd57f4587808295e59761325d87aa4f89567a34c031
                                                                                      • Instruction Fuzzy Hash: C0B19030E1120ACFDFA5CF68E480BAEB7B1EB49310F18856AE555EB351DA74DC81CB61
                                                                                      Function 06899198 Relevance: .2, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 88ed97fe387412c1ad61ace7dd7fd08a1dfd9fd9aba83662a1ec07e4c1ef449e
                                                                                      • Instruction ID: ec132da2ab1a51a5959d36d34874d8b40f9285714276130c0296c0726513ae73
                                                                                      • Opcode Fuzzy Hash: 88ed97fe387412c1ad61ace7dd7fd08a1dfd9fd9aba83662a1ec07e4c1ef449e
                                                                                      • Instruction Fuzzy Hash: EB914E30F1121A8FDF54DB69D890BAE73F6BFC9200F188569C50AEB348EB749D418B90
                                                                                      Function 06896230 Relevance: .2, Instructions: 229COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 20e204a260bca67064943516cd8a3c239bb69c75e34b235a48f88575be2153d5
                                                                                      • Instruction ID: 7bf7168ec856c4fcda5cf7fa41c7ac7a99789a4749ee1e229801e823ee036eb2
                                                                                      • Opcode Fuzzy Hash: 20e204a260bca67064943516cd8a3c239bb69c75e34b235a48f88575be2153d5
                                                                                      • Instruction Fuzzy Hash: 3F61E471F001624BDF549BADC84055FBAD7AFC4210B18407AE90EDB364EEB5EC4287D1
                                                                                      Function 068942E0 Relevance: .2, Instructions: 224COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 375bd7fa066b3a5ba9f824a63738df47dac7018f56303023ba1cc58d5f23e877
                                                                                      • Instruction ID: b471d624bbbe321af0819b1f2e184f55815cf659b2e6ca85cc5948ccf7075509
                                                                                      • Opcode Fuzzy Hash: 375bd7fa066b3a5ba9f824a63738df47dac7018f56303023ba1cc58d5f23e877
                                                                                      • Instruction Fuzzy Hash: D4812B30B0125A8FDF54DFB9D4946AEB7F2AF89300F148529D50ADB394EB74DC828B91
                                                                                      Function 06894600 Relevance: .2, Instructions: 221COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 82e9d0223b33281235192f0cbfa8f18a40c46ecefd472ccc6e8b69e673bc307d
                                                                                      • Instruction ID: 747fb399f1102b9d3b15d3f651213e6659543aaba0d7682c81aee768cee69559
                                                                                      • Opcode Fuzzy Hash: 82e9d0223b33281235192f0cbfa8f18a40c46ecefd472ccc6e8b69e673bc307d
                                                                                      • Instruction Fuzzy Hash: E7913C30E102598FDF65DF68C840B9DB7B1FF89314F208599D549FB281DB70AA86CB90
                                                                                      Function 06894618 Relevance: .2, Instructions: 210COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9f32eda96a541b56cc4d78f3e68d1b8c8629e8c3a8b0a79d6bb0c29dc461550
                                                                                      • Instruction ID: 97c5668c0014767126ab3d62b1337cb044be2876d00a9bc8c0f76b05cff2897b
                                                                                      • Opcode Fuzzy Hash: c9f32eda96a541b56cc4d78f3e68d1b8c8629e8c3a8b0a79d6bb0c29dc461550
                                                                                      • Instruction Fuzzy Hash: E6912C70E1061A8BDF64DF68C840B9DB7B1FF89314F208599D549FB285DB70AA86CF90
                                                                                      Function 0689EF73 Relevance: .2, Instructions: 202COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b0047e1400c4d05e33514b82b2b16e2ead228ed791e187a33a9bc3aa7490b5a6
                                                                                      • Instruction ID: ba6c4feebbc04160e9a7c106dfef2245191372e793adfaaa91ab2fa3508d74d4
                                                                                      • Opcode Fuzzy Hash: b0047e1400c4d05e33514b82b2b16e2ead228ed791e187a33a9bc3aa7490b5a6
                                                                                      • Instruction Fuzzy Hash: 12713C70E002099FDB59DBA9D980AADBBF6FF84304F288529E115EB355DB70EC46CB50
                                                                                      Function 0689EF80 Relevance: .2, Instructions: 201COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ac7aaee01ec7fc2e5c357545e7f77d08422d3ac5b50e083fa0db866c215d9f3
                                                                                      • Instruction ID: 358768fdf571298d93b1384c6bf51ad45e51c62fa27cf6dd3b062753f17a2b7e
                                                                                      • Opcode Fuzzy Hash: 7ac7aaee01ec7fc2e5c357545e7f77d08422d3ac5b50e083fa0db866c215d9f3
                                                                                      • Instruction Fuzzy Hash: 44714C70E002099FDB59DBA9D880AADBBF6FF84304F288529E115EB355DB70EC46CB50
                                                                                      Function 06894BB0 Relevance: .2, Instructions: 186COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac8de385040f4cc006db2b68861d1e5f485bb3277d294ae538d004b70873c00d
                                                                                      • Instruction ID: 5632d004adb468968825a2d388ed2567feea1db4f451fd25a81878b13982ab79
                                                                                      • Opcode Fuzzy Hash: ac8de385040f4cc006db2b68861d1e5f485bb3277d294ae538d004b70873c00d
                                                                                      • Instruction Fuzzy Hash: C3616A70E102199FEB55DFA5C8147AEBBF6EB88300F24842AE10AEB395DB754C458B94
                                                                                      Function 0689FC09 Relevance: .2, Instructions: 174COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 447c3bcf6578171deb51042d3cf6e73dc23b7ed5faa29c8b495a8d8840c92a5d
                                                                                      • Instruction ID: c36bef4169840a21c1404d3d7bfe104d3b46442cd390cf62e659df9858da4046
                                                                                      • Opcode Fuzzy Hash: 447c3bcf6578171deb51042d3cf6e73dc23b7ed5faa29c8b495a8d8840c92a5d
                                                                                      • Instruction Fuzzy Hash: 2151FF31E0110ADFDF68EF78E8446ADB7B2EF88215F148839E606DB350DB358955CBA0
                                                                                      Function 0689F9B8 Relevance: .2, Instructions: 167COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c732332d06bf12f27a266b659d65d9618b2bf154669113f85dff62d198c9640c
                                                                                      • Instruction ID: c57b3f961b6404a7c071d4cea8577493620a0848c04621ff3b6604550ebf7e43
                                                                                      • Opcode Fuzzy Hash: c732332d06bf12f27a266b659d65d9618b2bf154669113f85dff62d198c9640c
                                                                                      • Instruction Fuzzy Hash: BB51C730F101189BFF685AEDD85472F7A97E7C8350F24552AE30AD7386CE68CC5187A2
                                                                                      Function 0689F9C8 Relevance: .2, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 30894b002ff394342b35645c2c899efe5566c6ee70f93c90a367ec424cb21fce
                                                                                      • Instruction ID: 85ed5bbbe5638057fc8e06bf73db192489e8acef0e8dc2720d58e995c3ca3abe
                                                                                      • Opcode Fuzzy Hash: 30894b002ff394342b35645c2c899efe5566c6ee70f93c90a367ec424cb21fce
                                                                                      • Instruction Fuzzy Hash: DE51B730F101189BFF685AEDD85472F3997E7C9340F245526E30AD3396CE68CC5187A2
                                                                                      Function 06899189 Relevance: .2, Instructions: 160COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ff8fe6a0dc431149b288e6b96cf1d603e9c8b4ea164f478c93c85ecc12158e5b
                                                                                      • Instruction ID: 0c26fd53433f24529665032fb347a50d8cfdd008e7c64f2f91f4661dc96e32b7
                                                                                      • Opcode Fuzzy Hash: ff8fe6a0dc431149b288e6b96cf1d603e9c8b4ea164f478c93c85ecc12158e5b
                                                                                      • Instruction Fuzzy Hash: E0512130F112568FDF54DB79D891B6E73F6BF89210F188569C51ADB388EB349C418B90
                                                                                      Function 068955D7 Relevance: .1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2325164348f7a11fa94d94778a4667b22fb369d6beba48bcf2fad0837761c8da
                                                                                      • Instruction ID: d697fb644fa8b41c219d1e4db5cf395470669856e77f2444651b256d35235dba
                                                                                      • Opcode Fuzzy Hash: 2325164348f7a11fa94d94778a4667b22fb369d6beba48bcf2fad0837761c8da
                                                                                      • Instruction Fuzzy Hash: BE518574E102059FDF72CF69C49077EBBB2EB85314F28882AD659DB281C635D941CBA2
                                                                                      Function 06894BA0 Relevance: .1, Instructions: 142COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2947f311a2c843865011866178ba231a8d49b9a61d51eb93dfbfa5f8d2cedbc9
                                                                                      • Instruction ID: 0e907462bfcf3bd0605ef6469cb9d32a6184c3e499a5a98da830d63e9c86e9b6
                                                                                      • Opcode Fuzzy Hash: 2947f311a2c843865011866178ba231a8d49b9a61d51eb93dfbfa5f8d2cedbc9
                                                                                      • Instruction Fuzzy Hash: EF517F70E102199FEB55DFA5C8547AEBBF7EF88300F208529E106EB395DB758C418B90
                                                                                      Function 06895458 Relevance: .1, Instructions: 129COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d27b736453dac6fb8f123238e75f0bbd02243a1cb79b4714b4617b4a0553e0a7
                                                                                      • Instruction ID: 4b47ac31026360132438b41222cef227c460d8614b240f4725dc2118508e1fed
                                                                                      • Opcode Fuzzy Hash: d27b736453dac6fb8f123238e75f0bbd02243a1cb79b4714b4617b4a0553e0a7
                                                                                      • Instruction Fuzzy Hash: 6C416271E006099FDF71CEA9D880AAFFBB2FB84310F14492AD216D7651D330E9558BA2
                                                                                      Function 0689DF15 Relevance: .1, Instructions: 123COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7c5887b43682f4bf339217370a5928382261c5aa39482acc9a28a310b724964
                                                                                      • Instruction ID: 7a8a812367fd4c48074aab2237884a445c270fd399d402c81e5bcf03502d1a86
                                                                                      • Opcode Fuzzy Hash: d7c5887b43682f4bf339217370a5928382261c5aa39482acc9a28a310b724964
                                                                                      • Instruction Fuzzy Hash: 8741BE30E0020ADFDF64DF65C44469EBBB2BF85340F244529E511EB244EF749882CBA0
                                                                                      Function 068921ED Relevance: .1, Instructions: 110COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6249f2d44f1b1b84212f4d68a30540b7f1da05428d213f2f975ed694c8fa3741
                                                                                      • Instruction ID: 40dba2cdc42059a3dd12e987e977e186cdac58ba7c41d6433c23b9cfeea0c8fb
                                                                                      • Opcode Fuzzy Hash: 6249f2d44f1b1b84212f4d68a30540b7f1da05428d213f2f975ed694c8fa3741
                                                                                      • Instruction Fuzzy Hash: 6D310130B202069FDF69ABB4D46066E7BA2BF89210F28457CC406DB395DF35CE46C7A4
                                                                                      Function 06892200 Relevance: .1, Instructions: 105COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7d988ba27d1aed249d68170880751de4d695b742fd4e826c53401ff9283706f5
                                                                                      • Instruction ID: e34996c2e32287a38405bdaaddeb6363f48664d42131833aec671f46809fa18f
                                                                                      • Opcode Fuzzy Hash: 7d988ba27d1aed249d68170880751de4d695b742fd4e826c53401ff9283706f5
                                                                                      • Instruction Fuzzy Hash: 9031F030B202069FDF59ABB5D42466E7BA3BB89200F28453CC506DB398EE75CD46C7E0
                                                                                      Function 068920B1 Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 24f9b66310d429328de155c0be23fa6874340cc64630df74c201a0afa86f29a1
                                                                                      • Instruction ID: 8619a14bac8a0ab50e1390f3a2de061389e69461f9d2bc30bc3b57eb5c6d2a44
                                                                                      • Opcode Fuzzy Hash: 24f9b66310d429328de155c0be23fa6874340cc64630df74c201a0afa86f29a1
                                                                                      • Instruction Fuzzy Hash: 6D318D30E202059BCB55CF64D85469EBBB7FF8A300F548529E906E7754DB71A982CB50
                                                                                      Function 068920C0 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 05a4881d0f3576f7eaa13f46a3cc786d59e5a5db97830bccad1ec06d80eeccbb
                                                                                      • Instruction ID: 4a156e854ef2945b82c35d3d0d5562c6b81341a8f7624bb2bfb5572fea756a59
                                                                                      • Opcode Fuzzy Hash: 05a4881d0f3576f7eaa13f46a3cc786d59e5a5db97830bccad1ec06d80eeccbb
                                                                                      • Instruction Fuzzy Hash: 98317C30E20219DBCF59CF64D85469EB7F6FF8A300F148529E906E7344DB71A982CB50
                                                                                      Function 06893EE9 Relevance: .1, Instructions: 79COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 30b9e219e150e8819e24f12106ffe0495ab7cd98146b9eec89d058c9a1863bfd
                                                                                      • Instruction ID: 8f7c688944b938d50438375b332c4dc3e6d78ea38a7000a6f7abdf3268b32a03
                                                                                      • Opcode Fuzzy Hash: 30b9e219e150e8819e24f12106ffe0495ab7cd98146b9eec89d058c9a1863bfd
                                                                                      • Instruction Fuzzy Hash: 5F219C71F012159FDB50DFA9E841AAEBBF5EB88310F048126FA09E7340E770D841CBA0
                                                                                      Function 06893EF8 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c9ac08f2678166039c5fd0bf2a696aa7c56be17f73869a6502f606dd077201b
                                                                                      • Instruction ID: a544e90c22c82ab60e394426843fe22826f48b8bf6ba5abbc6bf5db0fcb06836
                                                                                      • Opcode Fuzzy Hash: 6c9ac08f2678166039c5fd0bf2a696aa7c56be17f73869a6502f606dd077201b
                                                                                      • Instruction Fuzzy Hash: 57219C75F012159FDF50DFA9E841AAEB7F1EB88310F148126EA05E7340E770D801CBA0
                                                                                      Function 0110D3EC Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4583539291.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_110d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1e78acfff056b99eb1ddf0a9b9db42e721791adbaa264bfff5f1879b3091ccb
                                                                                      • Instruction ID: 14ca8eb74382e3d1aaa405d7716531fdd4e02d694f1791499ed1f41a770653eb
                                                                                      • Opcode Fuzzy Hash: f1e78acfff056b99eb1ddf0a9b9db42e721791adbaa264bfff5f1879b3091ccb
                                                                                      • Instruction Fuzzy Hash: 46213B71900204DFDF0ADF94E5C0B66BF61FB84310F21C568E9094B696C376E415C6A2
                                                                                      Function 0111D030 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4583669104.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_111d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7115ef368444120d8a00f59710ac28e4979521e9532899974bed095d8f8fd566
                                                                                      • Instruction ID: b3b258474d0e8e6067a4a962b88244bcc3e87d45a6cdea77082ae1eff824ccf0
                                                                                      • Opcode Fuzzy Hash: 7115ef368444120d8a00f59710ac28e4979521e9532899974bed095d8f8fd566
                                                                                      • Instruction Fuzzy Hash: 93212575504204DFDF19DF58E9C4B26FB61FB84314F20C57DD9090B25AC376D446CA62
                                                                                      Function 06896D60 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 83af1d8982968d8b194d8cbdf39d4540f39e6434b83c2aa5f594a69df8f783c7
                                                                                      • Instruction ID: 6694c889256cd0d39247db2d19eccffbe462ced62aef2e9a4b13d5467f4e5c8a
                                                                                      • Opcode Fuzzy Hash: 83af1d8982968d8b194d8cbdf39d4540f39e6434b83c2aa5f594a69df8f783c7
                                                                                      • Instruction Fuzzy Hash: 2E21B430F211199FDF94EB69E95069EB7B7EF84310F288529D505D7384EB32ED418B90
                                                                                      Function 06894008 Relevance: .1, Instructions: 59COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 82c5d387c5188eb466200aa17cde473faa74547ed1674046fc570556d51079d1
                                                                                      • Instruction ID: babac21b68be7136a088cd994961ebcac5f9964f69b4f1a5463acd0a5db50d85
                                                                                      • Opcode Fuzzy Hash: 82c5d387c5188eb466200aa17cde473faa74547ed1674046fc570556d51079d1
                                                                                      • Instruction Fuzzy Hash: 7311C431B101298FDF94A679D810AAE73EBEBC8311F054539C506E7344EE65DC038BE1
                                                                                      Function 0110D3E7 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4583539291.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_110d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction ID: 96c68e44827b33e81d9294b6781a1520eadf33ed2d8ce3471da8fb85bf0361c3
                                                                                      • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction Fuzzy Hash: 0111DF76804284DFCF06CF84D9C0B56BF62FB84324F24C5A9D8094B656C37AE45ACBA2
                                                                                      Function 0689423F Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52be76a93f44ce45b3ca98a74c7008a4d13c67cb1451be2f928c0807e2bc8178
                                                                                      • Instruction ID: ca9e58be1c08fc79ccfd1da684a58d23040e30cb770c10bdfae159e98a0bf232
                                                                                      • Opcode Fuzzy Hash: 52be76a93f44ce45b3ca98a74c7008a4d13c67cb1451be2f928c0807e2bc8178
                                                                                      • Instruction Fuzzy Hash: E301B130B100114BDB699AE9946076EABDBEBC9710F14882EE60AC7381D975DC434390
                                                                                      Function 0689A350 Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f054cd632768ce5d4b359b4241c8073a3cbe7311c886269bb4aa766090f6260a
                                                                                      • Instruction ID: 979b3b1aaf0831abb352c33ddf7dad452a253d581097e9b1c24c25cea0cdbdbc
                                                                                      • Opcode Fuzzy Hash: f054cd632768ce5d4b359b4241c8073a3cbe7311c886269bb4aa766090f6260a
                                                                                      • Instruction Fuzzy Hash: 0801F130B102155FDB699E79E850B1FB7E6EB86300F24882DE24AC7380EA25DC818390
                                                                                      Function 06893CC0 Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 01e6121333ada7bcca7e0cde23763c934aba4be4309ae9fbfebbbd3f6c710efa
                                                                                      • Instruction ID: 4de6f1d9cb77f068c99b195b5823be7ecbc5032bb2692b81fc6bb485cd0d0df8
                                                                                      • Opcode Fuzzy Hash: 01e6121333ada7bcca7e0cde23763c934aba4be4309ae9fbfebbbd3f6c710efa
                                                                                      • Instruction Fuzzy Hash: BE21C4B1D01259AFDB00DF9AD984ADEFFB4FB48724F10822AE518A7350C3746554CFA5
                                                                                      Function 0111D02B Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4583669104.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_111d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                      • Instruction ID: e97f05f36a34f82f483f83095fb6a24f300aa8081b4dfe532648f6cdfb17ed14
                                                                                      • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                      • Instruction Fuzzy Hash: F211BE75504284CFCB16CF54D5C4B19FB61FB84314F24C6AAD8494B656C33AD44ACB62
                                                                                      Function 06893FF9 Relevance: .1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 913af5c25e544ce89adaf48aff272ecbfdcc908dbfff45def78a50d902c8da25
                                                                                      • Instruction ID: 776755f0e4dd5611a28bdd0b92d7258809cdd9766b9cfe350a373d7351bf74e2
                                                                                      • Opcode Fuzzy Hash: 913af5c25e544ce89adaf48aff272ecbfdcc908dbfff45def78a50d902c8da25
                                                                                      • Instruction Fuzzy Hash: 2B01D431B101268BDF98AAB8D810AAFB6EBAFC8211F15453AD506E7384EF65CC4247D1
                                                                                      Function 06893CC8 Relevance: .1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c55f29ae38f8c9a56c79fd554378c8fca505865388c31308483f289880bfcb2d
                                                                                      • Instruction ID: e4a955ab306de9ebd5327655c663dd82011795df1a8373ca7ae29c2668632fb5
                                                                                      • Opcode Fuzzy Hash: c55f29ae38f8c9a56c79fd554378c8fca505865388c31308483f289880bfcb2d
                                                                                      • Instruction Fuzzy Hash: A511D3B1D01259AFCB00CF9AD884ADEFBB4FB48724F10812AE518A7340C3746554CFA5
                                                                                      Function 0689F1F1 Relevance: .1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 117f3c84da7dec4edadd7ff17a21f6b1da8dd6b1d751f0ef1c9abe114c338d01
                                                                                      • Instruction ID: f6ce59a7f9869f8abffaf7d3a5c0e04701b3f21397bbc64f82fd9fd1b8c75eea
                                                                                      • Opcode Fuzzy Hash: 117f3c84da7dec4edadd7ff17a21f6b1da8dd6b1d751f0ef1c9abe114c338d01
                                                                                      • Instruction Fuzzy Hash: 1A01D435B001518BDF699AB8985072E77DBEBC9714F18882DE60AC7381DE21DC424351
                                                                                      Function 06894250 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ec46bd3b81f88ab4bd0f52cb7a7314e9da78aa44f4ecf4555edfc7007e17144f
                                                                                      • Instruction ID: 3280dcc5abb1d995c79c27f51703c171b8c066b6ce65394b6d230a59c63c2f49
                                                                                      • Opcode Fuzzy Hash: ec46bd3b81f88ab4bd0f52cb7a7314e9da78aa44f4ecf4555edfc7007e17144f
                                                                                      • Instruction Fuzzy Hash: 5E016D31B100114BDB6996ED986072FA6DBEBC9710F149839E60AC7384EDB5DC4243A5
                                                                                      Function 0689F200 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a16659eb22629d05119681e8bf69b0aeaeb4360120e5a014b4bec004fd8d834f
                                                                                      • Instruction ID: c801348838213e092a099197dfec84a882523bf2a3736206c077a9276f7bce5f
                                                                                      • Opcode Fuzzy Hash: a16659eb22629d05119681e8bf69b0aeaeb4360120e5a014b4bec004fd8d834f
                                                                                      • Instruction Fuzzy Hash: 0F018C35B101114BDF699AACA89072EB3DBEBC9720F189829E70AC7384DE35EC424391
                                                                                      Function 0689A360 Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c79b14bc84bc0d969278155fc5a02673114a7d950fc74e58c84546e25708392f
                                                                                      • Instruction ID: eaf0abb26d5bca065dcf4ea2b6f3e0c6c554392128bf5ee9ff3c8591473cb648
                                                                                      • Opcode Fuzzy Hash: c79b14bc84bc0d969278155fc5a02673114a7d950fc74e58c84546e25708392f
                                                                                      • Instruction Fuzzy Hash: 57014430F101155FDB69DA7DE850B2EB3D7E789754F149939E20AC7344EA25EC418790
                                                                                      Function 0689CC30 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5bbb55e0af79012dda15fbd1d9909c04a896c95d672ed217c781e44530ca3e7d
                                                                                      • Instruction ID: 5ae7397265118c088087c7bbb839d302f4176c3a1ad8b8a8c8957993e0fad707
                                                                                      • Opcode Fuzzy Hash: 5bbb55e0af79012dda15fbd1d9909c04a896c95d672ed217c781e44530ca3e7d
                                                                                      • Instruction Fuzzy Hash: 79F0A032F202289BDF249976E801A9FB73AE784658F004529EA02E7244DB32A910C7E0
                                                                                      Function 068964B9 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.4591978499.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_6890000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e9a19d065aca4574310528a06d9b6749c735f07af9c5ed977e6328aaa81bd5c1
                                                                                      • Instruction ID: eb8bec321fb6e551c9df73f582740fcc0911a388764516ad1f07aab093c7f2e1
                                                                                      • Opcode Fuzzy Hash: e9a19d065aca4574310528a06d9b6749c735f07af9c5ed977e6328aaa81bd5c1
                                                                                      • Instruction Fuzzy Hash: DDE0D870E1410C5BEF70CFF0C95536E77A8DB42208F3449A5D508CB141F136CA818B91

                                                                                      Executed Functions

                                                                                      Function 009004EC Relevance: .4, Instructions: 449COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f76e7e7b99b38c09d52e2de6d6f48854e240970243b8fd1d4e67e27ecac871ec
                                                                                      • Instruction ID: a27b243a78a969f7f08d0eb945702f57233d73dd224cfde06cfa1947bfa7e315
                                                                                      • Opcode Fuzzy Hash: f76e7e7b99b38c09d52e2de6d6f48854e240970243b8fd1d4e67e27ecac871ec
                                                                                      • Instruction Fuzzy Hash: 65F0823154E3C59FCB03DBB8995198D7FB5DE8720071449DEC485EB267C5745E04CB51
                                                                                      Function 00900888 Relevance: .1, Instructions: 136COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3b42a6ff51e893a98727b6b33a3d934e86989e55c2d661013fc0d3f06f8048e9
                                                                                      • Instruction ID: 13c8ec0ab9f9404d1141afcb55bb3695a6effa7f7f53cee1020715c5639fa144
                                                                                      • Opcode Fuzzy Hash: 3b42a6ff51e893a98727b6b33a3d934e86989e55c2d661013fc0d3f06f8048e9
                                                                                      • Instruction Fuzzy Hash: B34109357012108FC749AB78C45892E7BE2AF8A71176518B8E906CB3B6DE76DC42CB90
                                                                                      Function 00900898 Relevance: .1, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 11875529d1acbc9d3eb3848a22434432870bd57343d94ac935983c1a95d1b807
                                                                                      • Instruction ID: c0f05a30e01d9feb1cf8c539084cc782b7be20f0e87bf86df583bcccb1759596
                                                                                      • Opcode Fuzzy Hash: 11875529d1acbc9d3eb3848a22434432870bd57343d94ac935983c1a95d1b807
                                                                                      • Instruction Fuzzy Hash: CC410734701210CFC748AB78C85892D7BE2BF8971172158B8E906CB3B6DE76DC42CB80
                                                                                      Function 00900A40 Relevance: .1, Instructions: 84COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0ffd0d0c45c7789a8e7dbfa564d4902ed144a3b0a723e591a822daf447791647
                                                                                      • Instruction ID: 32ffdb4048e1d5d0c437d53a4b86b27aea51cc65d1b0d12574b28c2531cffbe6
                                                                                      • Opcode Fuzzy Hash: 0ffd0d0c45c7789a8e7dbfa564d4902ed144a3b0a723e591a822daf447791647
                                                                                      • Instruction Fuzzy Hash: 9C219F327043129FD7148ABDE894B6B77A9FFC5724F14407AD10AC7291DA71DC028790
                                                                                      Function 0085D508 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461020672.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_85d000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 695c7c9fa4e6cf44c8602d4ed38b3555374358baa8489e0801b4fce856ad3974
                                                                                      • Instruction ID: 07305af36582cbe7221c42ce3510835d02931e1ff9fe42503322b88a9bf52292
                                                                                      • Opcode Fuzzy Hash: 695c7c9fa4e6cf44c8602d4ed38b3555374358baa8489e0801b4fce856ad3974
                                                                                      • Instruction Fuzzy Hash: 4A214872504304DFDB25DF04D9C0B26BF66FB98319F20856CED0A8B256D336D85ACAA1
                                                                                      Function 0085D503 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461020672.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_85d000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction ID: cc9a1f9f3e763ffa702d091f89115aadb471fc06d6910d8136a9196576cdf770
                                                                                      • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction Fuzzy Hash: CF11B176504384DFCB16CF10D5C4B16BF72FB94319F2485A9DC094B256C33AD85ACBA1
                                                                                      Function 00900848 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 63932465235d021fe563c111089cbad49e4307ad1c9e5a50b6c6f30b7dccef8e
                                                                                      • Instruction ID: 891355a27abea43a6173ca9dab41d238b131033543b72023e2cef72fc9b9b3a3
                                                                                      • Opcode Fuzzy Hash: 63932465235d021fe563c111089cbad49e4307ad1c9e5a50b6c6f30b7dccef8e
                                                                                      • Instruction Fuzzy Hash: 49E08C70A0120DEBCB04EBB8E94194DB7AAEB85200B2095A99808E3248DA31AF008B90
                                                                                      Function 00900A10 Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2461252853.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_900000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 46cafa8f6b8a232b599640e9486351dc282fc0b78f22274d5a0d13b00dbd46e1
                                                                                      • Instruction ID: d54e5d5fdabce1a7ac633e0a4ea1b0d7afd3d410cdb9676d027560bdb5234996
                                                                                      • Opcode Fuzzy Hash: 46cafa8f6b8a232b599640e9486351dc282fc0b78f22274d5a0d13b00dbd46e1
                                                                                      • Instruction Fuzzy Hash: 1DD0C775B44114CFCA04AB78D44455CB760EFC437571006A5E135C71E1DA61D8119A11

                                                                                      Executed Functions

                                                                                      Function 00D604EC Relevance: .4, Instructions: 447COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e7913407bdf34f3626830b4ad513de7b82fc14926a27c8dff7e0cde68b638383
                                                                                      • Instruction ID: 594a039e869c41532b60d97c1f895fe47ea92544e79be7546c7a6aed37405e28
                                                                                      • Opcode Fuzzy Hash: e7913407bdf34f3626830b4ad513de7b82fc14926a27c8dff7e0cde68b638383
                                                                                      • Instruction Fuzzy Hash: BAF03075945245DFCB40EFF8E941ADD7BF5AB45314B1046EEC408E7261DAB85A428B10
                                                                                      Function 00D60888 Relevance: .1, Instructions: 131COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23b5989441c2c920f4364b6d6c957500ccc8720e79f3d54f71c7307f549fe007
                                                                                      • Instruction ID: a9053e861cf54e513caa87b98d123d51e2470304be8de2384811fcd4784ac5ac
                                                                                      • Opcode Fuzzy Hash: 23b5989441c2c920f4364b6d6c957500ccc8720e79f3d54f71c7307f549fe007
                                                                                      • Instruction Fuzzy Hash: 36411735B01210CFCB48EB78D49892E7BE2AF8971572558B9E906CB372DE75DC42CB90
                                                                                      Function 00D60898 Relevance: .1, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b6a4412a8cfd32356b46b699a6f04dec56233f44519a4638b965e05023c1c12b
                                                                                      • Instruction ID: 97c06951c844b85998d39ae4a971f4b244dd6755d03ed9a728c5dd6e46613888
                                                                                      • Opcode Fuzzy Hash: b6a4412a8cfd32356b46b699a6f04dec56233f44519a4638b965e05023c1c12b
                                                                                      • Instruction Fuzzy Hash: C841F735701210CFCB48EB78D85892E7BE2AF8971572518B9E906CB372DE75DC42CB90
                                                                                      Function 00D60A40 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5a7eec91a6241eafe863d40d492db7e393f6ff7be0db57673204c11c002aadd1
                                                                                      • Instruction ID: 6a776e15181eb7a08a423d469089ea4924cc6cbd719be58c8986329169960f27
                                                                                      • Opcode Fuzzy Hash: 5a7eec91a6241eafe863d40d492db7e393f6ff7be0db57673204c11c002aadd1
                                                                                      • Instruction Fuzzy Hash: AC21C3327043128FD7149BBDE890A7B7BE9FFC4794B28417AD509C7292DA71DC0287A0
                                                                                      Function 00A2D508 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2540690713.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_a2d000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7f7748cbcf7cc307c298af88cf3decce91ac6f339e21ee3cf5c719ec8d90acde
                                                                                      • Instruction ID: 68cfd40f4124eb549cacafba858fa1cd73ca1880296902a53fe4f1d7f6db3f9b
                                                                                      • Opcode Fuzzy Hash: 7f7748cbcf7cc307c298af88cf3decce91ac6f339e21ee3cf5c719ec8d90acde
                                                                                      • Instruction Fuzzy Hash: BC212572504244EFDB05DF18E9C0B26BF66FB98318F24857DE90A0B257C3B6D856CAA1
                                                                                      Function 00A2D503 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2540690713.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_a2d000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction ID: 2de21c4b0a5eb84e96bd4e8d651c59dcc61bd54f21bc6aa2595093fd666994ce
                                                                                      • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                      • Instruction Fuzzy Hash: 3811D376504284DFCB15CF14D5C4B16BF72FB94318F24C5A9D8094B257C37AD856CBA1
                                                                                      Function 00D60848 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8f2385c21b1311187611b91b91297ac356b35bf4693d6de230932ca33f305e4d
                                                                                      • Instruction ID: a1fe91bec4c688e505917dbc76db4751cca3ce4403c2bad04b85046ac166e609
                                                                                      • Opcode Fuzzy Hash: 8f2385c21b1311187611b91b91297ac356b35bf4693d6de230932ca33f305e4d
                                                                                      • Instruction Fuzzy Hash: E3E0C270A0120DEFCB44EFB8EA4194DB7BAEB84204B2045EDD408E3214DE70AF008B94
                                                                                      Function 00D60A10 Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2541302468.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_d60000_adobe.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b0e7a5770b34aa778a16c348d91bdde52c2bb956d462d68ab2a6d616acfb9a31
                                                                                      • Instruction ID: 42ae0f506cb490626c0f56ebb5d8257cf816406f170ab60079adb2b245e52391
                                                                                      • Opcode Fuzzy Hash: b0e7a5770b34aa778a16c348d91bdde52c2bb956d462d68ab2a6d616acfb9a31
                                                                                      • Instruction Fuzzy Hash: A4D0C775B44114CFCA08ABB8D44445CB764EFC437531006A5D135C71A1DA61D8118A51