Windows Analysis Report
new shipment list.exe

Overview

General Information

Sample name: new shipment list.exe
Analysis ID: 1538500
MD5: aa4257d0c7ddc10e899214aac906125a
SHA1: a195ff34e9629e7679644649d8f1a2d33e22b2b9
SHA256: a3a33b15c4ec3d4a358add6107f5294c394e8823a5bd622756c193fd1dd75b28
Tags: exeuser-lowmal3
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • new shipment list.exe (PID: 3304 cmdline: "C:\Users\user\Desktop\new shipment list.exe" MD5: AA4257D0C7DDC10E899214AAC906125A)
    • InstallUtil.exe (PID: 5024 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • WerFault.exe (PID: 5656 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1144 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2397642371.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: new shipment list.exe PID: 3304 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: new shipment list.exe PID: 3304 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
Process Memory Space: InstallUtil.exe PID: 5024 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
1.2.new shipment list.exe.5bd0000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

              Data Obfuscation

              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\new shipment list.exe, ProcessId: 3304, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs
              No Suricata rule has matched

              AV Detection

              Source: new shipment list.exeAvira: detected
              Source: C:\Users\user\AppData\Roaming\WrappedObject.exeAvira: detection malicious, Label: HEUR/AGEN.1358803
              Source: C:\Users\user\AppData\Roaming\WrappedObject.exeReversingLabs: Detection: 56%
              Source: new shipment list.exeReversingLabs: Detection: 56%
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
              Source: C:\Users\user\AppData\Roaming\WrappedObject.exeJoe Sandbox ML: detected
              Source: new shipment list.exeJoe Sandbox ML: detected
              Source: new shipment list.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: new shipment list.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\mscorlib.pdbI source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: n.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: ((.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb_ source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdbP source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbp source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbl source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: n8C:\Windows\InstallUtil.pdbo source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb:x source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1144
              Source: new shipment list.exe, 00000001.00000002.2369532405.0000000000D5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs new shipment list.exe
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs new shipment list.exe
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002D8D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDkduvkpozd.exe" vs new shipment list.exe
              Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs new shipment list.exe
              Source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs new shipment list.exe
              Source: new shipment list.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: WrappedObject.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XZK5yx8LN7TTJ1Dp60.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: classification engineClassification label: mal100.expl.evad.winEXE@4/3@0/0
              Source: C:\Users\user\Desktop\new shipment list.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5656:64:WilError_03
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\0f0d9b01-aae7-45bd-8075-ba8d313136d8
              Source: new shipment list.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\new shipment list.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\new shipment list.exeFile read: C:\Users\user\Desktop\new shipment list.exe
              Source: unknownProcess created: C:\Users\user\Desktop\new shipment list.exe "C:\Users\user\Desktop\new shipment list.exe"
              Source: C:\Users\user\Desktop\new shipment list.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1144
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: mscoree.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: version.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: wldp.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: amsi.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: userenv.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: profapi.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: msasn1.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Desktop\new shipment list.exeSection loaded: ntmarta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\new shipment list.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
              Source: C:\Users\user\Desktop\new shipment list.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: new shipment list.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: new shipment list.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: new shipment list.exeStatic file information: File size 1388544 > 1048576
              Source: new shipment list.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x152600

              Data Obfuscation

              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: new shipment list.exe, o.cs.Net Code: _0003 System.AppDomain.Load(byte[])
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.cs.Net Code: seb2p4v4aY3XclLtOim System.AppDomain.Load(byte[])
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 1.2.new shipment list.exe.41b0030.2.raw.unpack, o.cs.Net Code: _0003 System.AppDomain.Load(byte[])
              Source: Yara match, File source: 1.2.new shipment list.exe.5bd0000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000001.00000002.2397642371.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: new shipment list.exe PID: 3304, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 5024, type: MEMORYSTR
              Source: C:\Users\user\Desktop\new shipment list.exe, Code function: 1_2_068F6D5D push edi; ret 1_2_068F6D6E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 3_2_05133156 push cs; iretd 3_2_05133162
              Source: new shipment list.exe, Static PE information: section name: .text entropy: 7.998207701183529
              Source: WrappedObject.exe.1.dr, Static PE information: section name: .text entropy: 7.998207701183529
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, -Module--46569939-59e1-4dca-a112-bebc1acbcd69-.cs, High entropy of concatenated method names: 'n8cb3a09809ef4a48824065fe2f417f8d', 'ExcludeDescriptor', 'ChangeDescriptor', 'SetDescriptor', 'fybXBvIQI9804WjifYP', 'RE1KanI6b2croBhGanF', 'xPWbvxI9QZyvXZRTjFX', 'N1vPMcIDRtF01LDPqNW', 'MUcpusIwnb9DX3pfaHG', 'DV2FxqIe9QcTpK9XLGP'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, eQT3w42nJl1uf60i7dU.cs, High entropy of concatenated method names: 'cbkkbbJe8n', 'e9Zm98IjtDpOOnaJmuL', 'FVGwyWIpbJJGMYEN9Xi', 'eHPax9IgBNVabNpd9up', 'CvihfeIKLfEAo8A74UT', 'o7L4sEIMCtCqo0Ou0WR', 'XmZpQaIm3QDxKB7pyXO', 'InmbCUIPOy9esnM6gpF', 'FUwsnAIsNSOhwudxDnO', 'Ks3tqbI0hF9Ss2f0x3q'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, Qn9mWF4ugM8WP5SwEKG.cs, High entropy of concatenated method names: 'C1Nb4C6QJT', 'iHdbbL4Uit', 'T94bvWE4Tg', 'oivbND50WN', 'X1dbBLcEHS', 'wribIL5wvQ', 'Ogibr30TFe', 'qACbkrEHpX', 'G3fbyR9tQX', 's9abAl99fx'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XZK5yx8LN7TTJ1Dp60.cs, High entropy of concatenated method names: 'SVW2TNwteI', 'hjl2aXEXnc', 'fRY0oHBQMSaOwrywmKq', 'CddsWSBDuc4Nus2WSeQ', 'bHdIHXBRveufMrHKBsm', 'VUf34eB63FOwhhuTbvq', 'i4829iSo6t', 'aWS2QbJbTg', 'yrE2D8X9LI', 'l3asCWB8xy9Ied5C0Ro'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.cs, High entropy of concatenated method names: 'csa5DiUJl', 'WaD1QRQQj', 'c1vG7hBBU', 'jjsXrKEIW', 'EOSJToEAL', 'TrfVNJWDD', 'UpDt3C3eh', 'UbRhcfocC', 'FSOEGRgUS', 'jQPd2o6Mn'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.cs, High entropy of concatenated method names: 'UldPq1ICj8GrdC6G6yH', 'plY08cIUlbXBB5iOMPr', 'bG64QwHbrs', 'A7VDA0IWDIwp7WaZ0yc', 'OyOc4JI735jKkUo8jd9', 'S899jqIZr9nbmanPIYA', 'mKBy60IiywExmwojFRZ', 'aufA0pIzB9Z9vZQE9Yl', 'dLol7WrOkCaOY2giR1L', 'WTqqibrHMCcwh32DJM1'
              Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, SvR1fLRqDuTPL6wDIw.cs, High entropy of concatenated method names: 'N6B9QdnhF', 'sFkQvXjiT', 'dSYDsaWsS', 'W5JBUDvgHwjRHl9FoMv', 'TC8iXXvKRTDj0JsZbPQ', 'xw2GtOvMb59sbSOcsfM', 'iAOI6KvspRx4dVipYAD', 'lX8vUBv0qy8GEhPGFkf', 'WR1Q3avj1DWMGBngLHW', 'q3cYHIvp8DqNVcCKEFY'
              Source: C:\Users\user\Desktop\new shipment list.exe, File created: C:\Users\user\AppData\Roaming\WrappedObject.exe (dropped file)

              Boot Survival

              Source: C:\Users\user\Desktop\new shipment list.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs (dropped file)
              Source: C:\Users\user\Desktop\new shipment list.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs
              Source: C:\Users\user\Desktop\new shipment list.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara match, File source: Process Memory Space: new shipment list.exe PID: 3304, type: MEMORYSTR
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: SBIEDLL.DLL
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: EXPLORERJSBIEDLL.DLLKCUCKOOMON.DLLLWIN32_PROCESS.HANDLE='{0}'MPARENTPROCESSIDNCMDOSELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILUREPVERSIONQSERIALNUMBERSVMWARE|VIRTUAL|A M I|XENTSELECT * FROM WIN32_COMPUTERSYSTEMUMANUFACTURERVMODELWMICROSOFT|VMWARE|VIRTUALXJOHNYANNAZXXXXXXXX
              Source: C:\Users\user\Desktop\new shipment list.exe, Memory allocated: 1010000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\new shipment list.exe, Memory allocated: 2B40000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\new shipment list.exe, Memory allocated: 1180000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Memory allocated: D80000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Memory allocated: 2A00000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Memory allocated: 2770000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\new shipment list.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
              Source: C:\Users\user\Desktop\new shipment list.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Microsoft|VMWare|Virtual@)
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: crosoft|VMWare|Virtual
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmware
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: VMware|VIRTUAL|A M I|Xen
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: $cq 1:en-CH:Microsoft|VMWare|Virtual
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware|VIRTUAL|A M I|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft|VMWare|VirtualXjohnYannaZxxxxxxxx
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: VMWareLRcq
              Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: $cq 1:en-CH:VMware|VIRTUAL|A M I|Xen
              Source: C:\Users\user\Desktop\new shipment list.exe, Process information queried: ProcessInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process queried: DebugPort
              Source: C:\Users\user\Desktop\new shipment list.exe, Process token adjusted: Debug
              Source: C:\Users\user\Desktop\new shipment list.exe, Memory allocated: page read and write | page guard
              Source: C:\Users\user\Desktop\new shipment list.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\new shipment list.exe, Queries volume information: C:\Users\user\Desktop\new shipment list.exe VolumeInformation
              Source: C:\Users\user\Desktop\new shipment list.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\new shipment list.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
              Source: C:\Users\user\Desktop\new shipment list.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
              Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
              Execution: 2 Windows Management Instrumentation; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
              Persistence: 1 Scripting; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Privilege Escalation: 11 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Defense Evasion: 1 Masquerading; 3 Virtualization/Sandbox Evasion; 1 Disable or Modify Tools; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
              Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
              Discovery: 221 Security Software Discovery; 3 Virtualization/Sandbox Evasion; 1 Process Discovery; 32 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
              Collection: 11 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
              Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
              Source | Detection | Scanner | Label | Link
              new shipment list.exe | 57% | ReversingLabs | Win32.Trojan.Generic |
              new shipment list.exe | 100% | Avira | HEUR/AGEN.1358803 |
              new shipment list.exe | 100% | Joe Sandbox ML | |
              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Roaming\WrappedObject.exe | 100% | Avira | HEUR/AGEN.1358803 |
              C:\Users\user\AppData\Roaming\WrappedObject.exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Roaming\WrappedObject.exe | 57% | ReversingLabs | Win32.Trojan.Generic |
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
              https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
              https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
              No contacted domains info
              Name | Source | Malicious | Antivirus Detection | Reputation
              https://github.com/mgravell/protobuf-net | new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              https://github.com/mgravell/protobuf-neti | new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              https://stackoverflow.com/q/14436606/23354 | new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://github.com/mgravell/protobuf-netJ | new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://stackoverflow.com/q/11564914/23354; | new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://stackoverflow.com/q/2152978/23354 | new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
                    No contacted IP infos
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1538500
                    Start date and time:2024-10-21 13:08:27 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 39s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:new shipment list.exe
                    Detection:MAL
                    Classification:mal100.expl.evad.winEXE@4/3@0/0
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 176
                    • Number of non-executed functions: 6
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 20.190.160.22, 40.126.32.133, 40.126.32.76, 40.126.32.138, 20.190.160.17, 40.126.32.68, 40.126.32.72, 40.126.32.140
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                    • Execution Graph export aborted for target InstallUtil.exe, PID 5024 because it is empty
                    • Execution Graph export aborted for target new shipment list.exe, PID 3304 because it is empty
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • VT rate limit hit for: new shipment list.exe
                    Time | Type | Description
                    13:10:02 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs
                    No context
                    Process:C:\Users\user\Desktop\new shipment list.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):89
                    Entropy (8bit):4.760649622523302
                    Encrypted:false
                    SSDEEP:3:FER/n0eFHHoUkh4EaKC5t/kqjnn:FER/lFHI9aZ5t8i
                    MD5:61D980902523BC5CA1FC51EA64BBA5A7
                    SHA1:985A85DB4335447006EAB92042D7A6AB36ED7BC8
                    SHA-256:055D091CF265141CE21113AA4493B562DFB4AA87329C0DFD7F74F709FB859CFE
                    SHA-512:0AF4BA1DE929C4702553184C33BBB19AA767C2148A2112432F64607C8D12A4E8F90E154B3709BC4321A986FFA966244CFEDDF4F8E0EDBFFADBBD54F062DAF1F8
                    Malicious:true
                    Reputation:low
                    Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\WrappedObject.exe"""
                    Process:C:\Users\user\Desktop\new shipment list.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):1388544
                    Entropy (8bit):7.9971893207439
                    Encrypted:true
                    SSDEEP:24576:65Jhlo22lwjGGOhFUbGBCfhTnfHx5sJgLQrINtnNbIsOsYmdczV3Gcn0NLR04+1t:uJhlo22SGRvKHfR5ZU0NtNcjsY/3f0t6
                    MD5:AA4257D0C7DDC10E899214AAC906125A
                    SHA1:A195FF34E9629E7679644649D8F1A2D33E22B2B9
                    SHA-256:A3A33B15C4EC3D4A358ADD6107F5294C394E8823A5BD622756C193FD1DD75B28
                    SHA-512:486E5F02EDE407C950507D615BB9455227EFE419C5C24261EFDB80D79959F8D291A64AE18D8905B0046E87D9012CCE41589F13F414B11250FE5F47CE2651830D
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 57%
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..g.................&...........E... ...`....@.. ....................................`..................................D..W....`............................................................................... ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................D......H........ ...#......)...H?...............................................s.........*.0..........(.........(....o....3.(....-..j*~....%..(....~....o.......j@8...(......s.......o........&..o....s..........o......,...i-....,...o.....( .....o!...o"...o.........(....(......(..........c.o#.......o#........c.o#.......c.o#.......o#........c.o#........c.o#........c.o#....o$......j....+)....o%...nX.....bX.....da.....o&......X......3....bX.....da.....bX....!...3..a.~.....o...........(
                    Process:C:\Users\user\Desktop\new shipment list.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.9971893207439
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:new shipment list.exe
                    File size:1'388'544 bytes
                    MD5:aa4257d0c7ddc10e899214aac906125a
                    SHA1:a195ff34e9629e7679644649d8f1a2d33e22b2b9
                    SHA256:a3a33b15c4ec3d4a358add6107f5294c394e8823a5bd622756c193fd1dd75b28
                    SHA512:486e5f02ede407c950507d615bb9455227efe419c5c24261efdb80d79959f8d291a64ae18d8905b0046e87d9012cce41589f13f414b11250fe5f47ce2651830d
                    SSDEEP:24576:65Jhlo22lwjGGOhFUbGBCfhTnfHx5sJgLQrINtnNbIsOsYmdczV3Gcn0NLR04+1t:uJhlo22SGRvKHfR5ZU0NtNcjsY/3f0t6
                    TLSH:E3553389F43CA51FC8D845F2F977222E8716CA069D0EE5AACCB84D459D930EC6C532ED
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x554502
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x6711DE6A [Fri Oct 18 04:04:58 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1544a8 | 0x57 | .text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x156000 | 0x5b0 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x158000 | 0xc | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x2000 | 0x152508 | 0x152600 | f4bb9f22c136f6a38611e36bbe9b907b | False | 0.9951233203269302 | data | 7.998207701183529 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x156000 | 0x5b0 | 0x600 | d0a5680018f4576eeba005b3d8a0b094 | False | 0.4173177083333333 | data | 4.3382946781208345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x158000 | 0xc | 0x200 | f29a54f023ccca51286eed928b2e9a3f | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_VERSION | 0x1560a0 | 0x35c | data | | | 0.4046511627906977
                    RT_MANIFEST | 0x1563fc | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385

                    DLL | Import
                    mscoree.dll | _CorExeMain

                    No network behavior found


                    Target ID:1
                    Start time:07:09:57
                    Start date:21/10/2024
                    Path:C:\Users\user\Desktop\new shipment list.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\new shipment list.exe"
                    Imagebase:0x6a0000
                    File size:1'388'544 bytes
                    MD5 hash:AA4257D0C7DDC10E899214AAC906125A
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2397642371.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:3
                    Start time:07:09:59
                    Start date:21/10/2024
                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Imagebase:0x530000
                    File size:42'064 bytes
                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:false

                    Target ID:6
                    Start time:07:10:00
                    Start date:21/10/2024
                    Path:C:\Windows\SysWOW64\WerFault.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1144
                    Imagebase:0xf30000
                    File size:483'680 bytes
                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                      • Opcode Fuzzy Hash: 6b83a7014f142bd8a80d7e1a241cfbdc8cd829163f271292ee98bd024b882b0a
                      • Instruction Fuzzy Hash: 1701F7B17041158FD756DF79C850C2A7BF5EF89654711C4EEE44ACB376EA26CD008B90
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8gq
                      • API String ID: 0-1984363304
                      • Opcode ID: b0daf9a5611e362d6cf8c3ab0a76e4b5bea64253ce51cb2faa4971e6475a8ee9
                      • Instruction ID: 0574d49cac9a1117151a5c666d6b5054db8666ab635000095cbc45b8168e52b3
                      • Opcode Fuzzy Hash: b0daf9a5611e362d6cf8c3ab0a76e4b5bea64253ce51cb2faa4971e6475a8ee9
                      • Instruction Fuzzy Hash: 04F024393001004FC702AB7CA864A9A3BFABFDA31474504B5E009CB7A6EB258C058B50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      • Opcode ID: 1c13ed52bce22eaace2297e1e96e7f46b99e0ffdba04297d0c8c0b1b844de513
                      • Instruction ID: b8ad16f4f35c35453a248bdf6089e43510fd7831488dbb8219b7af53bbf9da12
                      • Opcode Fuzzy Hash: 1c13ed52bce22eaace2297e1e96e7f46b99e0ffdba04297d0c8c0b1b844de513
                      • Instruction Fuzzy Hash: D901CE70E122688FDBA5DF64D858BECBBB1FF49304F1041A9D509A7290DB741E80CF40
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: 3
                      • API String ID: 0-1842515611
                      • Opcode ID: aab34c106850ab914aac4e2e9eeae41cb8a25c57a0e80d8930386b30a4d6ba72
                      • Instruction ID: 19a3cb93d055e9eff8e2c90c34009b83c186a89832fb4145f7047c448b65d8b7
                      • Opcode Fuzzy Hash: aab34c106850ab914aac4e2e9eeae41cb8a25c57a0e80d8930386b30a4d6ba72
                      • Instruction Fuzzy Hash: 1E019CB8941228CFDBA4DF64C888BDDBBB1BB09308F1082D99519A3251D7755EC5CF90
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8gq
                      • API String ID: 0-1984363304
                      • Opcode ID: 36a5f06834ec3468d0bb398f3399cfd80a14e99cc5549b4d6d1843e52638303b
                      • Instruction ID: d16ce2da1efca7549bb6167b93e97aac86d61cf38f9d1d4bf9ebccc2a0152051
                      • Opcode Fuzzy Hash: 36a5f06834ec3468d0bb398f3399cfd80a14e99cc5549b4d6d1843e52638303b
                      • Instruction Fuzzy Hash: ADF0A0393001009FC701F76DE818A1977EAFFCD655B040478E109CB755EF659C018B94
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: C
                      • API String ID: 0-1037565863
                      • Opcode ID: bc2766d7f2b14cd8dc198a3d933e638b6e5d8ee6a5dda56ef153603831bb92f8
                      • Instruction ID: 2ffa3821a95cad1c16f8d4b6867bd8cac891d6b4ce6814edd8d25df3ac364d4c
                      • Opcode Fuzzy Hash: bc2766d7f2b14cd8dc198a3d933e638b6e5d8ee6a5dda56ef153603831bb92f8
                      • Instruction Fuzzy Hash: BC019DB4914258CFEB64CF54D884B9CB7B1FB09304F1486EAD64AA7240D3B59EC5CF41
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8
                      • API String ID: 0-4194326291
                      • Opcode ID: 22f2e492e25d8ce580ca0b5c0bd37c2cc4471a5748c502f45371d6cf7be13122
                      • Instruction ID: dce67757c1df1b1588cc77f070756ac60d7b67c37546cff3b745a882b6fd61a5
                      • Opcode Fuzzy Hash: 22f2e492e25d8ce580ca0b5c0bd37c2cc4471a5748c502f45371d6cf7be13122
                      • Instruction Fuzzy Hash: FAF0CF74951268CFEB94CF14C884B98BBB1FB09348F1485E9D40AA3290D77AAEC5CF40
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID: C
                      • API String ID: 0-1037565863
                      • Opcode ID: f7288fac6024089ae33e625a0dd23f1c03267ea879d983edc24748764ea8963b
                      • Instruction ID: c1308148f4d1632facdadc7623c0600b8bec53be0106e07f5609482f4cb245ea
                      • Opcode Fuzzy Hash: f7288fac6024089ae33e625a0dd23f1c03267ea879d983edc24748764ea8963b
                      • Instruction Fuzzy Hash: A9F0F2B49001598FCB54DF24D8A0ADCB7B5EF49304F5085EA890EB7280DB30AE86CF40
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fdf90b3f1fe86b40bb47a0d006b39bffb7449e0640af095ee106fa05b6b34eac
                      • Instruction ID: 2e5b79128ef3b34d1c552083f9df82d7b23643206d495324772d541496c64fd9
                      • Opcode Fuzzy Hash: fdf90b3f1fe86b40bb47a0d006b39bffb7449e0640af095ee106fa05b6b34eac
                      • Instruction Fuzzy Hash: E762C370D00B458FDBB49F78D8983ADB6E1AB86310F104A5FD0EACF695D77C98818B46
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d1917e13d17b668bf5f4d1e781ae82f357ca83f7ca680e4ded2e7f1ee344d7aa
                      • Instruction ID: d32f14a5a56c26a31441e24e7972e863365219228af08a2737c216f1ffb2d754
                      • Opcode Fuzzy Hash: d1917e13d17b668bf5f4d1e781ae82f357ca83f7ca680e4ded2e7f1ee344d7aa
                      • Instruction Fuzzy Hash: 8C1250B0D05B464ED7B85F68C88439E76D0AB47310F208A5BD0FACF259D77894869B8B
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b73115206c8d3b2218a558ab559566373ce1098007d45e1240a8494d8df1bd20
                      • Instruction ID: 15c354e648dc63e2cf4776b0636e8217f840b3814d625f2567aca1d7a3fddec1
                      • Opcode Fuzzy Hash: b73115206c8d3b2218a558ab559566373ce1098007d45e1240a8494d8df1bd20
                      • Instruction Fuzzy Hash: 01B1D070E16218CFEB50DF68D944B9DBBB2FB49304F2081AAD509AB241DB785E85CF52
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3a81d61be80ba57e261810dc11f01dccf5d9243431efbc9edcb9a8758cc2a4dc
                      • Instruction ID: c1483975d580898fedf6b6ba9d7542af0fdb60bcfce3ce5adbfbb8654a7b8180
                      • Opcode Fuzzy Hash: 3a81d61be80ba57e261810dc11f01dccf5d9243431efbc9edcb9a8758cc2a4dc
                      • Instruction Fuzzy Hash: 4C81E1B0D15218CFEB50CFA5DA84BADBBB2EF48305F20402AD609B7351DB785986CF91
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 39db0af41252301f9e631305bd005b181fe89bfb6682de0674dba02d6c9efeb7
                      • Instruction ID: 40f0da8f2de0197e18b39b5c98c45e7b1d58d01bd8242ce2cd924888bb457c27
                      • Opcode Fuzzy Hash: 39db0af41252301f9e631305bd005b181fe89bfb6682de0674dba02d6c9efeb7
                      • Instruction Fuzzy Hash: 5F81E070D16218CFEB50CFA4DA84BADBBB2EF48305F20502AD609A7351DB785986DF91
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ece2a35c92428dc2bc94b26c3175886e807eafd7f756e2318d6098688ee40000
                      • Instruction ID: bd89c82bd4b1504e6557e7c651da10cb78455a8d4360b78fa8d7505bc70a59cf
                      • Opcode Fuzzy Hash: ece2a35c92428dc2bc94b26c3175886e807eafd7f756e2318d6098688ee40000
                      • Instruction Fuzzy Hash: BE510431D0878A9FCB039B7CD4A04EDBFB0EF46318B05C597D8D4AB11AEB25944AC781
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ed31852ed945ffd16fd3520184d259116c3b60821eb693892a0d8482028598f
                      • Instruction ID: e3708fc6f4e2e87d1e4e892e354f1ffda9a15a841ae12c7272de701821116077
                      • Opcode Fuzzy Hash: 7ed31852ed945ffd16fd3520184d259116c3b60821eb693892a0d8482028598f
                      • Instruction Fuzzy Hash: 9F414D315092559FCB0BCB78C8149EDBFB5EF85220B14C4DAE180DF5ABDB368902D790
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10bbe3ee1c6bdbf56e6f6ee52f51cbbab0d8adfe85113b286ea4a0ada729f58a
                      • Instruction ID: 04ead6140fe6585dd61c5df8f042088e2d4e91579f4b5fc82173feef8440293c
                      • Opcode Fuzzy Hash: 10bbe3ee1c6bdbf56e6f6ee52f51cbbab0d8adfe85113b286ea4a0ada729f58a
                      • Instruction Fuzzy Hash: E5418E35A102099FCB04DFA4D8949ADB7B6FF8D705B20815EE506EB361DB71AC02CB50
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 93d3dcd1e73358b9bba5ffb454b2d247bd5c18354fab0d1baaf77cbca79657b5
                      • Instruction ID: d181ecf82cf87292f335ad02619cc82fb5890e69c6c7c95fb71462d6a3dfc36c
                      • Opcode Fuzzy Hash: 93d3dcd1e73358b9bba5ffb454b2d247bd5c18354fab0d1baaf77cbca79657b5
                      • Instruction Fuzzy Hash: 0B512474E00218CFEB64DFA8D8557EDBBB2EB88304F1080AAD509B7240DB785A82DF50
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 30dd3eac66eb52ea748a409ee9123866809a69b324490ba17bd1b8005c1af741
                      • Instruction ID: 5f436ce31f9cfb4568f7dc010ab4563fa30baeb267fc73ef40f15e2eaf7cf7ab
                      • Opcode Fuzzy Hash: 30dd3eac66eb52ea748a409ee9123866809a69b324490ba17bd1b8005c1af741
                      • Instruction Fuzzy Hash: 5E512570E04218CFEB64DFA5D8557EDBBB2EB88304F1080AAD509B7241DB785E86DF81
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 47a382557ce19a30a1d94cc0c9eacc2b46f1b528bbf37fe6e4f6066cbadddd00
                      • Instruction ID: 65495d65ea44d57923f0930f14a5c8c13fe6c4e5ebd2b8d96003cde73689792c
                      • Opcode Fuzzy Hash: 47a382557ce19a30a1d94cc0c9eacc2b46f1b528bbf37fe6e4f6066cbadddd00
                      • Instruction Fuzzy Hash: 91416D31E00749DBDB14EFA9C84469EBBF1FF88310F14C669E8456B264EB74A985CB80
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 395e2bdcaba7e4e6311cda6ff17aed917da2ef81ba527128e13f3e9c4b7f19c2
                      • Instruction ID: d943db371e243e8ee191e5feec36fa2b65fedfc945df737041dd2a54af01a2c9
                      • Opcode Fuzzy Hash: 395e2bdcaba7e4e6311cda6ff17aed917da2ef81ba527128e13f3e9c4b7f19c2
                      • Instruction Fuzzy Hash: CD51FF70D14218CFEB54CFA8C8487EEBBB6FB48304F10812AD205B7291DB784A85CF92
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e46f21b06cfe4d1c35e35d15800c6d99dc312e3b2f4a4bb5036144ca9ea63a44
                      • Instruction ID: 598f99c88ce2850be2e809b9b40470918f5f7e57de566f348f744db902a94543
                      • Opcode Fuzzy Hash: e46f21b06cfe4d1c35e35d15800c6d99dc312e3b2f4a4bb5036144ca9ea63a44
                      • Instruction Fuzzy Hash: CE416F35A102099FCB04DFA4D894DAEB7B6FF8D701F20C15EE505AB360DB72A802CB50
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b13f83e323162c3cd2f74595f0aaabe8f6a4177db6738de38013461f9de26aa
                      • Instruction ID: 0e10bd25f208b79df4a9975aba3a0b879707c9187952b7462652565c03eb6892
                      • Opcode Fuzzy Hash: 5b13f83e323162c3cd2f74595f0aaabe8f6a4177db6738de38013461f9de26aa
                      • Instruction Fuzzy Hash: 0D41DFB1D01309DBDB20DFA9C984ACDFBF5BF48304F24802AD449AB214D7756A8ACF91
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 47d30189ec07bf54c22e3533e4e1305e122f2e55ea840d8ddc45586680edf0e1
                      • Instruction ID: e9eba244d7934378f260251b709f647cfdadc0c73887e854828782269dda3d3c
                      • Opcode Fuzzy Hash: 47d30189ec07bf54c22e3533e4e1305e122f2e55ea840d8ddc45586680edf0e1
                      • Instruction Fuzzy Hash: 223106B1C093448FDB02CB69C8496DEFFF4FF56220F55808ED8D5AB212D2799506CBA2
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 058d1eebff4aad2793fc11312af30c946796f4c858b47bca115779c20373b678
                      • Instruction ID: 9debdda7858c46853e2c55a0c514b498ca25c0c74de3e97da3bbaac8d7dfee52
                      • Opcode Fuzzy Hash: 058d1eebff4aad2793fc11312af30c946796f4c858b47bca115779c20373b678
                      • Instruction Fuzzy Hash: 154146B0D013498FCB00DFA9D968AEEFBF5BF48304F108829D845B7250DB79A904CBA1
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c09e11b2603a0c0e9c33c24c8dc7acbc94c237fc597233cf71f62536dc6ba700
                      • Instruction ID: adee3f514da950a2843f7fc7d9765a16a7a8370735c9c3a69af399ac4eae45d3
                      • Opcode Fuzzy Hash: c09e11b2603a0c0e9c33c24c8dc7acbc94c237fc597233cf71f62536dc6ba700
                      • Instruction Fuzzy Hash: 17510834E151188FD755DF24D895BAAB7B6FF88300F5040E9A40AAB355DB38AF81CF91
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a7fb1131a4cf114fd5d182c46d9ab29c544773d8256faa17a705ec6940e4f9f3
                      • Instruction ID: 64f2382b2cb5fe67ddc22bd52748fa24972d7be728a468072b5b0d07131bcb21
                      • Opcode Fuzzy Hash: a7fb1131a4cf114fd5d182c46d9ab29c544773d8256faa17a705ec6940e4f9f3
                      • Instruction Fuzzy Hash: 9B41BFB1D00209DBDB24DFA9C984ACDFBF5BF48304F24842AD409AB214D7756A8ACF91
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: af8fc66464ead0abb1a5b875f6d04a7a1d102d4077a1be5e11ec89265976af47
                      • Instruction ID: 341eb480b56c37ec38c0879d5b3fab21a0b3c619302baf219a711787c44f22c3
                      • Opcode Fuzzy Hash: af8fc66464ead0abb1a5b875f6d04a7a1d102d4077a1be5e11ec89265976af47
                      • Instruction Fuzzy Hash: 2C2128B290D2915FDB079B259C524AD7FB5EF9222030A81EBE4C4CF0A7D2388507C711
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f5af311051028a63b83defc6b7a611509678b10029efb553c8bfdc3d86b646a
                      • Instruction ID: b982c8f36ded9065790274fba4595d70f3329f53246cba8439cd346531432c07
                      • Opcode Fuzzy Hash: 8f5af311051028a63b83defc6b7a611509678b10029efb553c8bfdc3d86b646a
                      • Instruction Fuzzy Hash: AA3101716043059FC711EB78D4498AABBF2EF8530475588ADE446EB366EB39DC0A8B90
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 834bcd1a275bb251e4e167529f32ef210be4a9dcf85cbe8771ec8834ee76577d
                      • Instruction ID: aca467918c4196c3b8bb18162a305dbaff7a10b43bc81d0b0aa5b220d949fe1c
                      • Opcode Fuzzy Hash: 834bcd1a275bb251e4e167529f32ef210be4a9dcf85cbe8771ec8834ee76577d
                      • Instruction Fuzzy Hash: 16312270E14208CFEB40CF99D5447AEBBF2FF89304F10906AE205AB266DB784985CF41
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4e495d2f8c97358d48f8bf37e174c57688a4f9f456a081b34b1126f886793d3e
                      • Instruction ID: 0de450da9e0be9a2228a113838380b6313182a7fba4fc63853c7767fa0e33325
                      • Opcode Fuzzy Hash: 4e495d2f8c97358d48f8bf37e174c57688a4f9f456a081b34b1126f886793d3e
                      • Instruction Fuzzy Hash: D9314870E28208CFEB40CF98E5447EEB7F1FB46315F10506AE14AAB266DB785985CF41
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370115886.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_fcd000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0ce4f64a72ffffb1dac79c7f749f913805aea5ab9ee25c7edf80d341ea1058f2
                      • Instruction ID: d4289e2bc2b596a4003dada50e0641ce8cc343f8f79fae163424a3e0b0adaa3b
                      • Opcode Fuzzy Hash: 0ce4f64a72ffffb1dac79c7f749f913805aea5ab9ee25c7edf80d341ea1058f2
                      • Instruction Fuzzy Hash: B62128B2904241DFDB05DF14DAC1F6ABBA5FB84324F34857DE8090B241C336D80AE6A2
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43834f29faf50c7b74af3b926925eb092519805be209ee6b809c197b9c018779
                      • Instruction ID: d6f6dfb160884137fe691b4694a10b6ebcb78c40b125e7150eac25f709631ccd
                      • Opcode Fuzzy Hash: 43834f29faf50c7b74af3b926925eb092519805be209ee6b809c197b9c018779
                      • Instruction Fuzzy Hash: 4A210672A04219AFCB04EF69EC059EE7BF6FFC5310B44847AE414EB255DB349909CB90
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370115886.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_fcd000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f3a23c31409bc7e47aae5576d70d86d29de705622b1ded28f35424b6271e9e3
                      • Instruction ID: c5412f39e4b846b6a04dcb8dc006fa5161fd4b974b028d62f3804284c30be972
                      • Opcode Fuzzy Hash: 6f3a23c31409bc7e47aae5576d70d86d29de705622b1ded28f35424b6271e9e3
                      • Instruction Fuzzy Hash: D32104B1944241EFEB04DF14DAC1F2ABBA5FB84324F38C57DD8094B296C336D806DAA1
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cbdcf6060039aabd461272318e97994ba52bde540045dca4ca68f99d35995c6b
                      • Instruction ID: eeb34d5009ed98b024795b5c9b9d5099a3743c94766d11c5511cda09f4b8a4af
                      • Opcode Fuzzy Hash: cbdcf6060039aabd461272318e97994ba52bde540045dca4ca68f99d35995c6b
                      • Instruction Fuzzy Hash: 87E0DF33604218AFDB08DAA8E4006DE7BEDEB48231F1040BAD50CC3740EA72984087A0
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a99fd26aa988533b1f2923bfd33cdc0519944e41fa15e5a3f8acc6a35708a5cf
                      • Instruction ID: 77f774ab2ed79d225983e524bfa685ccbb3834f856412d40f70f1dc62b50c981
                      • Opcode Fuzzy Hash: a99fd26aa988533b1f2923bfd33cdc0519944e41fa15e5a3f8acc6a35708a5cf
                      • Instruction Fuzzy Hash: 37F08C75C04008AFDB84EFA4E4416ECBFB4EB48300F10C0AAEC5897341D7758A06EB90
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3d994d1aa0a21121dce5032a1ea2764a0046a360355a14ec1083cacf3b34f334
                      • Instruction ID: 6526eb64532ef505f69b2274058449a9a5a07e8ab3253856d7bd9b5f8fd44008
                      • Opcode Fuzzy Hash: 3d994d1aa0a21121dce5032a1ea2764a0046a360355a14ec1083cacf3b34f334
                      • Instruction Fuzzy Hash: 9DF0E778D1425CCFEBA1CF24D8547EDB7B2BB49309F1040A9D509B6292D7784AC4CF01
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6fe0897eb607b71550308e1713858becf68f329275f315125b3b0dd2393f08a7
                      • Instruction ID: 586c6f81021522c606fd570c14dabe771d6d357a6c4f56f015d9628ba63d10cc
                      • Opcode Fuzzy Hash: 6fe0897eb607b71550308e1713858becf68f329275f315125b3b0dd2393f08a7
                      • Instruction Fuzzy Hash: 09019278E142289FEB50DF24D855B9ABBB2FF85304F5041E9A44DAB355CB385E818F41
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5a8d831fccdc09025b42b7c5a8db5cf2d0328e379fe6462fafb11418b352a897
                      • Instruction ID: 5dcc1d5d4e9070dbfe042502989b80b870d8772c2fc3792a0f16a0d7a34e3dc8
                      • Opcode Fuzzy Hash: 5a8d831fccdc09025b42b7c5a8db5cf2d0328e379fe6462fafb11418b352a897
                      • Instruction Fuzzy Hash: 24F0E574909209EFCB00EFA4EA419ED3BF2EF483087204599E805C7725D7311F06AF00
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c83991d099709e96f508b365f43506185fb506db5c6bebae6f961af256576de
                      • Instruction ID: 63cbd2cd91fe40c7e8860f6dc4e05b1df955103ed3cc6a3cf5a1ac51d4e29fdd
                      • Opcode Fuzzy Hash: 6c83991d099709e96f508b365f43506185fb506db5c6bebae6f961af256576de
                      • Instruction Fuzzy Hash: E4E0DFB981410CAFD750EFB8D8427AEBBB4DB04200F2040B88808E2340D6319A51C691
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 538f264ba755c2b4669fa1ad6d1d89f3bf5b04e25504ad45189f7151d172e72f
                      • Instruction ID: 73b0de38e42cb1374813b53e1477423ad505cf0112c4657cee659a6153d4e9e6
                      • Opcode Fuzzy Hash: 538f264ba755c2b4669fa1ad6d1d89f3bf5b04e25504ad45189f7151d172e72f
                      • Instruction Fuzzy Hash: D3E09279808108EBCB00DBA4D947AADFFB4EB44310F14C0A9D80853340C7329E42DAD1
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5832673714f03bdc2484f5c6d119760bfea24415b9e0ba274efd4ffdde3b4ca7
                      • Instruction ID: 0066b164fa15a2386640ae945364d709bb0890a4915db4eadc477bd842b9af9d
                      • Opcode Fuzzy Hash: 5832673714f03bdc2484f5c6d119760bfea24415b9e0ba274efd4ffdde3b4ca7
                      • Instruction Fuzzy Hash: BBF0E574C14208AFD750CFA4D542ABDBFB0EB59311F1081E6DC4883340C6355E42DF82
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 05e5119e3f9ebc656a7fb8db8c8ceccc6419cf13826d1e7706c075930e114ea5
                      • Instruction ID: a67b3756718a5d87e752ce6715c666d4a7bb11b1ee6e7e462fc3ca856f1d2369
                      • Opcode Fuzzy Hash: 05e5119e3f9ebc656a7fb8db8c8ceccc6419cf13826d1e7706c075930e114ea5
                      • Instruction Fuzzy Hash: FDF06D36618008EFDB05DFA4D941EEE7B72EB09314F148599FE088B251C73B9D62EB80
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 07e2e4b036b9cc132e82c11defbb2c55e2fcc3e34429969f4fa4373021cfad09
                      • Instruction ID: 995a9044b2a53722cd6b8c9e707cd8faa504eea5757b25535b1515fc7f1da861
                      • Opcode Fuzzy Hash: 07e2e4b036b9cc132e82c11defbb2c55e2fcc3e34429969f4fa4373021cfad09
                      • Instruction Fuzzy Hash: FEE06D74919248AFC794DFA8DA866ACBBF4AB49215F2480ED8808D7341D6369E41CB92
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fccc82b4243f5a02e53de3533352f01f1fdc992817ac64311e65f7aa5b0c46e5
                      • Instruction ID: c393e9d793757dbbb4188fd051f16715e004b2de823846887d683b3a2b354caa
                      • Opcode Fuzzy Hash: fccc82b4243f5a02e53de3533352f01f1fdc992817ac64311e65f7aa5b0c46e5
                      • Instruction Fuzzy Hash: 7EE0D835904108EBCB00DFA4E8427ECBBF4D748315F1080B9C80897341C6755D82D781
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e547bd1202b589c9a08764cb23aa7bedee198f0132910e31a44b227d2efdf3f
                      • Instruction ID: 8e49958544afc06b184a48aff8e61f0a6667e18341159d67ca9e6feb44317c60
                      • Opcode Fuzzy Hash: 3e547bd1202b589c9a08764cb23aa7bedee198f0132910e31a44b227d2efdf3f
                      • Instruction Fuzzy Hash: EBF0153590420CEFCF40DF98D941AADBBB5EB48310F10C0A9ED0897350D7329A61EB81
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fbc6e7093309ea20a5bc5201cc01ac6eaa26930596bf03db1677c627f3d292f4
                      • Instruction ID: 4903af5baf000d85981692de6e799bcfddf59c7de60d3d5311f100e221f62b59
                      • Opcode Fuzzy Hash: fbc6e7093309ea20a5bc5201cc01ac6eaa26930596bf03db1677c627f3d292f4
                      • Instruction Fuzzy Hash: ACE0DF7D804108AFC790DBE5E9823ADBFF4DB04214F1580DED84C92342E6B99E02D790
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6b8f3999000cc403b49092720511b82b884859247c6d99aed6d0c3b6ebdd7aef
                      • Instruction ID: a66eea2ce6b524071e3a39d0fe5c8834d16a3a2801ffd436018755aca11c70fc
                      • Opcode Fuzzy Hash: 6b8f3999000cc403b49092720511b82b884859247c6d99aed6d0c3b6ebdd7aef
                      • Instruction Fuzzy Hash: C9E0DF71D0920CAFDB40FFB8D40A7AEBFF4DB05200F1040AD8949E3251EA304A42CB82
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d737e0a2802f11e4406c114bb1ad2da6c5df70d8deee65c10d3b826cb2aa801c
                      • Instruction ID: 650326d57272332ff50cf376b2b0c620e804e8ffc80927e54475bced9d4528c5
                      • Opcode Fuzzy Hash: d737e0a2802f11e4406c114bb1ad2da6c5df70d8deee65c10d3b826cb2aa801c
                      • Instruction Fuzzy Hash: 6AE03974808108AFCB85EFA8E4419ACBFB8EB48300F10C0AAAC5896241C6759A51EB90
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 97e80bedbd99d25905e2f652c7091d1e26d5aff31895ddda8ce258ff264c7e87
                      • Instruction ID: b7dd70b3c93b6dddce216ddcc232ec1cc5ecf886e71fff1bf7318e093b9b8a4a
                      • Opcode Fuzzy Hash: 97e80bedbd99d25905e2f652c7091d1e26d5aff31895ddda8ce258ff264c7e87
                      • Instruction Fuzzy Hash: A1E0E57590420CEFCF05DF94E9419AEBBB5EB49310F108499EE0867251C7729A61EB92
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 55f86eeccc18c2ad2410af2cd961857fb911c1ba5876a0cb4d1176ccbf996197
                      • Instruction ID: 51cf409bdc22fa4c14ec969fa372bab786c9ce877873cbc6a7e38fa80064626b
                      • Opcode Fuzzy Hash: 55f86eeccc18c2ad2410af2cd961857fb911c1ba5876a0cb4d1176ccbf996197
                      • Instruction Fuzzy Hash: 98E0DF78908008DFCB04DFA8E592AEDBFB5EB45314F2489A9CD0897340CA324D02DB80
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c3f89dbdd7edcbd69f1bc4e9b3f904e2c1664021889dd2466d07e54a67eeb925
                      • Instruction ID: 41668521bb4bb5363d62f1f5428ede08367bec8139bf786b3a4410cc47096b54
                      • Opcode Fuzzy Hash: c3f89dbdd7edcbd69f1bc4e9b3f904e2c1664021889dd2466d07e54a67eeb925
                      • Instruction Fuzzy Hash: B3F0397490420CEFCB40DF94D941AACFBB5EB48310F24C09AED5857350C7329A51EF81
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf14c1a0746468b5d91205edd35c00c5d903c0cfef4a2ef9e943693a144480a2
                      • Instruction ID: 97479a05f4797fcedf96ce3b450aa4f1533598ed19c5b768aea616ed1567c008
                      • Opcode Fuzzy Hash: cf14c1a0746468b5d91205edd35c00c5d903c0cfef4a2ef9e943693a144480a2
                      • Instruction Fuzzy Hash: 09F03030904145DFD754DBA8D445AADFBF0EB45314F2481DA985897381C6765942DF41
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 47a0a3517f2af5b4d13ca11adf46b587ce8388736e0d97e178fe7e7fac5f4ac7
                      • Instruction ID: 9750b2084ee7fa520e15e6979ffeb7e15ffada4a38d69ededd4caa28bd360169
                      • Opcode Fuzzy Hash: 47a0a3517f2af5b4d13ca11adf46b587ce8388736e0d97e178fe7e7fac5f4ac7
                      • Instruction Fuzzy Hash: 6BE0E574E04208EFCB84DFA8D5456ACBBF4EB48304F20C1AA9858D3340D635AA41DF81
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7705721d21d568ef5125404ead15d0a57ebcde7e14a0f897ef8734a462a32e29
                      • Instruction ID: 16106df72c460959602d9584b2204ae29ffefb13e325ac75c19cf8ef7df5672a
                      • Opcode Fuzzy Hash: 7705721d21d568ef5125404ead15d0a57ebcde7e14a0f897ef8734a462a32e29
                      • Instruction Fuzzy Hash: 08F04D74A122689FDBA1DF54D844BEDBBB1FF49310F1041A9EA0DAB350D6755E818F80
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2017c1c8f96a63528b009ca4f1e7308aa64947fb127d31250b4e4714912ee6b1
                      • Instruction ID: 0c28b99dd9db2105f6913697667f72ca119a7fe08b9a9570ce64bde6e2334ae6
                      • Opcode Fuzzy Hash: 2017c1c8f96a63528b009ca4f1e7308aa64947fb127d31250b4e4714912ee6b1
                      • Instruction Fuzzy Hash: 58E0263840D308DFC704CB60D922B79BBB8DB02220F0480C9894C8B342C5329D05C782
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b545fb5c77831acf2d711102f21ad96879d14ff2b99310ab64d247133c224716
                      • Instruction ID: 637e187e9d108c37788b88b29ad56006c7ed9f885498b653e9e7e2b988f225d7
                      • Opcode Fuzzy Hash: b545fb5c77831acf2d711102f21ad96879d14ff2b99310ab64d247133c224716
                      • Instruction Fuzzy Hash: BDE04F75A68044DFE714DB64D142BEEB7B4DB59314F148599C9099B242CB369D03C6C1
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 869a2b4d51b20f3755452db19b83048ed0bdfcd62759ecbe6244d884cf56d371
                      • Instruction ID: d34bc2ab6b8d68560a739c23dee7c57f6c7fa4ac0c65bea27ff4fc1fb829ad57
                      • Opcode Fuzzy Hash: 869a2b4d51b20f3755452db19b83048ed0bdfcd62759ecbe6244d884cf56d371
                      • Instruction Fuzzy Hash: B9E08636C012A4DFD7116B58F545798B7E5EB01335F0B00A6DC989B15AC768DC80C785
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f43998b992a0cbea25d041c387d6365903d0a47ad4ec8eec5aae1b5f767f0d18
                      • Instruction ID: a53a9731f448f316dd63f8fbb5e6fed37fce9faecad868e7a01f42254f163bbd
                      • Opcode Fuzzy Hash: f43998b992a0cbea25d041c387d6365903d0a47ad4ec8eec5aae1b5f767f0d18
                      • Instruction Fuzzy Hash: 6CE0E574D04208AFCB44DFA8D541AACBBB8EB49310F10C0AAED5997341D6369A55EB85
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b2ce4068340bab217ab7dd931972251d10cac2b86da24b628a114bd11d547d3a
                      • Instruction ID: a99340d0005ea9ffd3f2cc2a63a982f271fe73a9993b027eef6ab2eaf91a3866
                      • Opcode Fuzzy Hash: b2ce4068340bab217ab7dd931972251d10cac2b86da24b628a114bd11d547d3a
                      • Instruction Fuzzy Hash: 18E02634519014DBE344CB64E142BBEB7F0DB85318F2480ADC9088B242CB739D43C680
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8c183f5ca91874fd42f9601d136d54c4b9b3a962d61fe07fae5c14ee733444a7
                      • Instruction ID: 3686f9914672264108a21a76dbf93c0b770e02f364670362bd92acefb0d87c47
                      • Opcode Fuzzy Hash: 8c183f5ca91874fd42f9601d136d54c4b9b3a962d61fe07fae5c14ee733444a7
                      • Instruction Fuzzy Hash: 81E04F30A85109EFCB41EF68E91569CBBB2EF44248F1441A8E40C9B646DA315F12AB81
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a73258d50d88d953b21862cfc85fcfa56c870dd5c7b32584539e891a5255845
                      • Instruction ID: 65cdea6b26c4087be714cb2acd15a51c8e9362d906f973b68427b20925d65887
                      • Opcode Fuzzy Hash: 6a73258d50d88d953b21862cfc85fcfa56c870dd5c7b32584539e891a5255845
                      • Instruction Fuzzy Hash: 4CE04FB0D0924CAFC701FFB4ED5519CBBF5DB45344B2045DAD808DB211E6755E149B41
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f26a546ce5f713bba99c8954f91d0df852591ec1804c8c8fdd58ca6d505b868
                      • Instruction ID: 3b31b9ee6e2adecb7f7bf066c6dbdb5f1e8da8f8b80a9cd2767b8e87db33a5ec
                      • Opcode Fuzzy Hash: 3f26a546ce5f713bba99c8954f91d0df852591ec1804c8c8fdd58ca6d505b868
                      • Instruction Fuzzy Hash: 82E08670D1410CEFC784DFA8D5456ACBBF4EB48204F2081AD8D0CD7340D6329E41CB82
                      Memory Dump Source
                      • Source File: 00000001.00000002.2399879214.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_68f0000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ceabc9be2fcef6557259920c2b3118add1af7610d4d3584a25ea87b205bc7774
                      • Instruction ID: f9260093036aa46d3af4d5ca6882861cdb1bf0c0ace7329cff84309e417e3e95
                      • Opcode Fuzzy Hash: ceabc9be2fcef6557259920c2b3118add1af7610d4d3584a25ea87b205bc7774
                      • Instruction Fuzzy Hash: 7EE046B4908208EBCB04DFA4E9469ADBFB8EB45310F2080A99D0867340D6329E52EAC5
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1010000_new shipment list.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2ab5eba55ea8093f470d5886a5e0aecd952b948c250f372227bac23369ba3524
                      • Instruction ID: 4148b35d4f4aed4adf5f77a0dab6fd5efdd029344a07a543afd1ffd8c273ace9
                      • Opcode Fuzzy Hash: 2ab5eba55ea8093f470d5886a5e0aecd952b948c250f372227bac23369ba3524
                      • Instruction Fuzzy Hash: 3EE04F78A00208EFCB00FFA4EE4599D7BF5FF483087204598E80893714EB312F10AB55
                      Memory Dump Source
                      • Source File: 00000001.00000002.2370258241.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                      Memory Dump Source
                      • Source File: 00000003.00000002.3606735173.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_5130000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d8eb2a8ec3396db934dbaa111c0948bd6c1f66331a8e8527a8eee3c606ba9833
                      • Instruction ID: 40b2c52f7138abdf646146a4df72533249f9631b2a50c85076d797182aba3a39
                      • Opcode Fuzzy Hash: d8eb2a8ec3396db934dbaa111c0948bd6c1f66331a8e8527a8eee3c606ba9833
                      • Instruction Fuzzy Hash: DB110970E04608EBDB04EFA9D45976DBEF2FB88309F6180A5D50A97294D7345A86CB42
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3bb4bbdae142318dd5717a2465a69233cfdbf1a640ece2f0397050a61a3d854b
                      • Instruction ID: b34a7a3a1ae8548b895feda8f0134e2b5fca01321d6d4c30d74fe0d55637bc7d
                      • Opcode Fuzzy Hash: 3bb4bbdae142318dd5717a2465a69233cfdbf1a640ece2f0397050a61a3d854b
                      • Instruction Fuzzy Hash: 63F0F934B00116CBDB44EB65E544A7DB7B2EF49311F254229F951A73E0CB34DD01DB12
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee9dc318cb56ff0ff6fcf6a100b42f899686f88044dc55f708717fbd619cb675
                      • Instruction ID: a261298cd9016ee27f2835d488f885dfb191819feede52bae0ba238a9227eb9c
                      • Opcode Fuzzy Hash: ee9dc318cb56ff0ff6fcf6a100b42f899686f88044dc55f708717fbd619cb675
                      • Instruction Fuzzy Hash: C3E09238502204CFE748E715D80837973AEE784304F68C070D50542668D634998BCF21
                      Memory Dump Source
                      • Source File: 00000003.00000002.3606735173.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_5130000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 44e76c4a267e7654c53fdedf3d93d9e2b6cba0e0df643c93a218a59bf4dc2172
                      • Instruction ID: 3a2e39352c2ccb085b04ed0c347efb1f866120806412f9c48bc3e6a2efd02fcf
                      • Opcode Fuzzy Hash: 44e76c4a267e7654c53fdedf3d93d9e2b6cba0e0df643c93a218a59bf4dc2172
                      • Instruction Fuzzy Hash: 05F03934B04108DBEF149B50D879B7D3AA2E788340F0080B6E24A573A0DB7A49818B15
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50e260258f73242d81dafcd64126b0cc4665607c2a9f2b256d45eb3d576ceff5
                      • Instruction ID: f01132b7839bc4900e2fe63bd3be8a4a52cfb908c0a738ff4f83bd1a7ccb3254
                      • Opcode Fuzzy Hash: 50e260258f73242d81dafcd64126b0cc4665607c2a9f2b256d45eb3d576ceff5
                      • Instruction Fuzzy Hash: 2AE08C743004248F8348EB69E518A6A77E9FF8D2143120094E50ACB3A8CE21DD018BA2
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a63b98d2e503be56f8a5c37ea48517f03b535f07dfdf5d27c376d1478af7b3aa
                      • Instruction ID: b4d83b213bb6216a1d46185181e103b5af6b40bfb69570ebf1d9894650f0228d
                      • Opcode Fuzzy Hash: a63b98d2e503be56f8a5c37ea48517f03b535f07dfdf5d27c376d1478af7b3aa
                      • Instruction Fuzzy Hash: 00E08C747014608F8348DB78E568AAE7BE1BF8D2143220199E50ACB3A9CE61CD02CF52
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65442aaff90ffd0011f50924f2f8a9ac0fe28b4273bad0cfccb09fdb0c95c137
                      • Instruction ID: b861404284a39766ee3da591bad49750fbe65c6ca7e9e68de5641183ae8eabae
                      • Opcode Fuzzy Hash: 65442aaff90ffd0011f50924f2f8a9ac0fe28b4273bad0cfccb09fdb0c95c137
                      • Instruction Fuzzy Hash: 99E0C934908219CBDB24AB24D8957B97771AF06315F304895C00ED6351CB758985CFA1
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 899287cec06397c278f33575c3ce5e360e6e97d40398910dd5acac37be83294c
                      • Instruction ID: 32b170a2ad7dda79c1216c66f51f2e13cd9f5b38222c75c58e7d1a3ea1a0e201
                      • Opcode Fuzzy Hash: 899287cec06397c278f33575c3ce5e360e6e97d40398910dd5acac37be83294c
                      • Instruction Fuzzy Hash: 4CE0E5382141028FCB48EF18E948B2D37F2EB8D31472100A5E502A73A8DA30EC028B21
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85a456a2178280487160dfe02671311c14bfd521cf7e11f8183d87d881df08d3
                      • Instruction ID: d6467ffb209047289236b9a97c087f6443aecef3912e4e08a611a3a3fd8fbea4
                      • Opcode Fuzzy Hash: 85a456a2178280487160dfe02671311c14bfd521cf7e11f8183d87d881df08d3
                      • Instruction Fuzzy Hash: 87D02B31F04B904FCB031374681C3BC3F915B4627170507AAD246D76D1DA144C21CB67
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 57bc4ff246d5a3c5f8ebcd80768de4b4512f1d226889cedcb2f7dff5c0bacce1
                      • Instruction ID: 953be9000474538e2e1e0e936498b7d2cff4d44bd245f23f2701dd3b10eb7cc5
                      • Opcode Fuzzy Hash: 57bc4ff246d5a3c5f8ebcd80768de4b4512f1d226889cedcb2f7dff5c0bacce1
                      • Instruction Fuzzy Hash: 4CD01738204101CFCB40AB24D898B6CBB71FF00308F204054E4428B3A0DA789C44CF50
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 24e83072a56ff4d0ee77d862cd3fe12359f57e3940773880205b06e75375cb54
                      • Instruction ID: 3c435c0ce08ad0bc8a22f720d483ab2c35fcaf18188e1092e6b8ab52dbae6d95
                      • Opcode Fuzzy Hash: 24e83072a56ff4d0ee77d862cd3fe12359f57e3940773880205b06e75375cb54
                      • Instruction Fuzzy Hash: 34C08C70A002968BCB41B334941433C2511CB80308F0185B8A50667281DE181D0A83C2
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4ff3c484ccf58545f122f52edb52b334650a17dc06e1b3e68ce01ed45cd1c150
                      • Instruction ID: 5dd94515ac07d54638208f0e7d0601bc5e0fe877a9fdcc8d27bc7b22759d5ed4
                      • Opcode Fuzzy Hash: 4ff3c484ccf58545f122f52edb52b334650a17dc06e1b3e68ce01ed45cd1c150
                      • Instruction Fuzzy Hash: 1DC04C2401D3C14FC7431B2948100647F715D4732434D90E3C1C08B267C6140928E763
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 067628e1bd214dad128a055258515510de66df871f639028c95a3479a6655563
                      • Instruction ID: 11789495ae7b956d4d6df3888a4433801012e21fc3a80509fe1d685436c12c0e
                      • Opcode Fuzzy Hash: 067628e1bd214dad128a055258515510de66df871f639028c95a3479a6655563
                      • Instruction Fuzzy Hash: 03B09272D026409BEF89A770A44E73C26E09A8233431605A9E301DB101EAAA5A839702
                      Memory Dump Source
                      • Source File: 00000003.00000002.3606735173.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_5130000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
                      • Instruction ID: 308734e347fe5fbfc39d01466d26648a0473cab39bdc6a53ba3d68073832f9aa
                      • Opcode Fuzzy Hash: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
                      • Instruction Fuzzy Hash: 93B01230240208CFC200DB5DD444C0033FCAF49A0434000D0F1098B731C721FC00CA40
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e52275136374ee9ab8b4260f3b389b3f232e142aca3956add857c88316648c79
                      • Instruction ID: fff3291493083e6054742f44a821eb87426812bbc688591208bf83518ee1ff81
                      • Opcode Fuzzy Hash: e52275136374ee9ab8b4260f3b389b3f232e142aca3956add857c88316648c79
                      • Instruction Fuzzy Hash: 34A0223208020C8F0C8833E0B80A3AC3B0CC8002223800000F00E000030F00200282B3
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 102df6b2063e7d4ac7d761269601dd8dfe0c98bb63e0d3ef35c023b3de3c4e25
                      • Instruction ID: 2481ad1a84f2020bc1fec56ce699ef69adccc8c72c89fe1bfa36df8f580b388f
                      • Opcode Fuzzy Hash: 102df6b2063e7d4ac7d761269601dd8dfe0c98bb63e0d3ef35c023b3de3c4e25
                      • Instruction Fuzzy Hash: 5FA012394891446D4F0433B064855DC3F1888001513000149F40B40413865100068A22
                      Memory Dump Source
                      • Source File: 00000003.00000002.3606735173.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_5130000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 92cc870fd4e6ad4e30b7f01240b04c31223dfce39e284092f3fee70e3c4ba2d5
                      • Instruction ID: c7d0f5085551823a8ec10e69a2b7f2068ec7cbe3909a60b9f9cd2df9c822382e
                      • Opcode Fuzzy Hash: 92cc870fd4e6ad4e30b7f01240b04c31223dfce39e284092f3fee70e3c4ba2d5
                      • Instruction Fuzzy Hash: 32A02230082B0CC2830033B02003020338C88008083C008F8C20C0AA220A3BE0A080C0
                      Memory Dump Source
                      • Source File: 00000003.00000002.3602929540.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d80000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 17da2096ed536fe98cb8861d4b7454c50782fc143d67f8539a21b5bc36d698d0
                      • Instruction ID: e28d2c077267928750b7a8c861bffcbbb7c3cd5abea9c3e350cae9e47e9c89c5
                      • Opcode Fuzzy Hash: 17da2096ed536fe98cb8861d4b7454c50782fc143d67f8539a21b5bc36d698d0
                      • Instruction Fuzzy Hash: