Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
invoice & packing list.exe

Overview

General Information

Sample name:invoice & packing list.exe
Analysis ID:1427730
MD5:e9de39ce29b4e19d9487d6517f5fe390
SHA1:aa9300231e426c9d0cbffe0bcf36f047235e79a6
SHA256:24390949599e57a802ea820e402befca0610937e51e19a4db8228235d0017a58
Tags:exe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • invoice & packing list.exe (PID: 6616 cmdline: "C:\Users\user\Desktop\invoice & packing list.exe" MD5: E9DE39CE29B4E19D9487D6517F5FE390)
    • invoice & packing list.exe (PID: 6324 cmdline: "C:\Users\user\Desktop\invoice & packing list.exe" MD5: E9DE39CE29B4E19D9487D6517F5FE390)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 7 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.invoice & packing list.exe.36edbe0.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.invoice & packing list.exe.36edbe0.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                2.2.invoice & packing list.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  2.2.invoice & packing list.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.invoice & packing list.exe.36edbe0.2.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x31673:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x316e5:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x3176f:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x31801:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x3186b:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x318dd:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x31973:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x31a03:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    Click to see the 10 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 162.241.123.30, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\invoice & packing list.exe, Initiated: true, ProcessId: 6324, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: invoice & packing list.exeAvira: detected
                    Multi AV Scanner detection for submitted file
                    Source: invoice & packing list.exeVirustotal: Detection: 29%Perma Link
                    Machine Learning detection for sample
                    Source: invoice & packing list.exeJoe Sandbox ML: detected
                    Source: invoice & packing list.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49733 version: TLS 1.2
                    Source: invoice & packing list.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: global trafficTCP traffic: 192.168.2.4:49735 -> 162.241.123.30:587
                    Source: Joe Sandbox ViewIP Address: 162.241.123.30 162.241.123.30
                    Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                    Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: global trafficTCP traffic: 192.168.2.4:49735 -> 162.241.123.30:587
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownDNS traffic detected: queries for: api.ipify.org
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.techwiser.in
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873691975.00000000011F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873691975.00000000011F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2879639896.0000000006845000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2879639896.0000000006845000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: invoice & packing list.exe, 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: invoice & packing list.exe, 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: invoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49733 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, oAKy.cs.Net Code: xXlophBw8

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.invoice & packing list.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.invoice & packing list.exe.36b31c0.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.invoice & packing list.exe.36b31c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: invoice & packing list.exe, App.csLarge array initialization: : array initializer size 627791
                    Source: 0.2.invoice & packing list.exe.6f30000.6.raw.unpack, SQL.csLarge array initialization: : array initializer size 33608
                    Source: 0.2.invoice & packing list.exe.2690d84.0.raw.unpack, SQL.csLarge array initialization: : array initializer size 33608
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: invoice & packing list.exe
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB43A00_2_06FB43A0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB40880_2_06FB4088
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB00400_2_06FB0040
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0EF00_2_06FB0EF0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB65600_2_06FB6560
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB654F0_2_06FB654F
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB326C0_2_06FB326C
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB32400_2_06FB3240
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB43900_2_06FB4390
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FBF3380_2_06FBF338
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FBF3280_2_06FBF328
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB40790_2_06FB4079
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB001E0_2_06FB001E
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB30080_2_06FB3008
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FBEEF00_2_06FBEEF0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0EB90_2_06FB0EB9
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB2FF80_2_06FB2FF8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB2C980_2_06FB2C98
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB2C880_2_06FB2C88
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB1DE00_2_06FB1DE0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB1DD00_2_06FB1DD0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010EE6D02_2_010EE6D0
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010ED9D82_2_010ED9D8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010E4A982_2_010E4A98
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010E3E802_2_010E3E80
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010E41C82_2_010E41C8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010EA9582_2_010EA958
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06ACA0682_2_06ACA068
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD55702_2_06AD5570
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06ADB2992_2_06ADB299
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD30282_2_06AD3028
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06ADC1482_2_06ADC148
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD7D402_2_06AD7D40
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD76602_2_06AD7660
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06ADE3602_2_06ADE360
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD00402_2_06AD0040
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD5CAF2_2_06AD5CAF
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06AD00062_2_06AD0006
                    Source: invoice & packing list.exe, 00000000.00000002.1684734948.00000000007EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1686242139.0000000004026000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1685787944.00000000026AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename28519625-fb4c-40d0-af15-66ea2f96c830.exe4 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename28519625-fb4c-40d0-af15-66ea2f96c830.exe4 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1689959978.0000000006F30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1685787944.000000000266D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000000.00000002.1690928922.000000000AD10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000002.00000002.2872402277.0000000000EF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs invoice & packing list.exe
                    Source: invoice & packing list.exe, 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename28519625-fb4c-40d0-af15-66ea2f96c830.exe4 vs invoice & packing list.exe
                    Source: invoice & packing list.exeBinary or memory string: OriginalFilenameGGDk.exe< vs invoice & packing list.exe
                    Source: invoice & packing list.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.invoice & packing list.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.invoice & packing list.exe.36b31c0.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.invoice & packing list.exe.36b31c0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: invoice & packing list.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, ekKu0.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, vKf1z6NvS.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, ZNAvlD7qmXc.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, U2doU2.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, BgffYko.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, HrTdA63.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, Vvp22TrBv9g.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, Vvp22TrBv9g.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, Vvp22TrBv9g.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, Vvp22TrBv9g.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, IsmbWLLylsNbQBJICW.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, boeN8EZugYfTRxOApL.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, IsmbWLLylsNbQBJICW.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@2/2
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\invoice & packing list.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMutant created: \Sessions\1\BaseNamedObjects\oOQVhVfletgHpIzCI
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMutant created: NULL
                    Source: invoice & packing list.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: invoice & packing list.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: invoice & packing list.exeVirustotal: Detection: 29%
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile read: C:\Users\user\Desktop\invoice & packing list.exe:Zone.IdentifierJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\invoice & packing list.exe "C:\Users\user\Desktop\invoice & packing list.exe"
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess created: C:\Users\user\Desktop\invoice & packing list.exe "C:\Users\user\Desktop\invoice & packing list.exe"
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess created: C:\Users\user\Desktop\invoice & packing list.exe "C:\Users\user\Desktop\invoice & packing list.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: invoice & packing list.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: invoice & packing list.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: invoice & packing list.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, boeN8EZugYfTRxOApL.cs.Net Code: AMv9OyRGrP System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.invoice & packing list.exe.6f30000.6.raw.unpack, SQL.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.invoice & packing list.exe.2690d84.0.raw.unpack, SQL.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, boeN8EZugYfTRxOApL.cs.Net Code: AMv9OyRGrP System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_024E336C push 9C00005Fh; iretd 0_2_024E3419
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_024E3445 push F000005Fh; iretd 0_2_024E34C9
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_024E3415 pushfd ; iretd 0_2_024E3419
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_024E3EF7 push ebp; ret 0_2_024E3EF8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0E9A push es; retf 0_2_06FB0EB8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0E69 push es; retf 0_2_06FB0EB8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0E00 push es; retf 0_2_06FB0E68
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0E00 push es; retf 0_2_06FB0EB8
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB0947 pushad ; retf 0_2_06FB0948
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 0_2_06FB093D pushad ; retf 0_2_06FB093E
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010E0B4D push edi; ret 2_2_010E0CC2
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_010E0C95 push edi; retf 2_2_010E0C3A
                    Source: C:\Users\user\Desktop\invoice & packing list.exeCode function: 2_2_06ACFCBC push es; retf 2_2_06ACFCC8
                    Source: invoice & packing list.exeStatic PE information: section name: .text entropy: 7.970575972972858
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, x6benKwwZ9OwZYvEPhn.csHigh entropy of concatenated method names: 'ToString', 'VSP3618CtA', 'xeh39qOQIy', 'xHq3sxK7ey', 'QKn3AgOVGb', 'V5a3Qjwcky', 'hBv3YcnJih', 'R343HW93pw', 'FnLW62HuhEV7M8yQfVG', 'Yrdk1oH22RnKmcAtAOV'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, NHwoM1feufwrIp88B7.csHigh entropy of concatenated method names: 'TjaHK8nL6T', 'k6wH7cfYmb', 'dSYYI47qIx', 'QbhYiMyCfP', 'xnMYdFZPI7', 'DlrYjQHgjP', 'go3YL71jjB', 'AhYYSKQxyt', 't1NYZFw4UN', 'UKpYhbXrOj'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, VJT7qa0GcUv7HvpF5g.csHigh entropy of concatenated method names: 's82k01XjC8', 'xk7kMWDN2a', 'MVLkOSmlmX', 'Kqmk1jXlMq', 'DjokKHi0ah', 'UHrkpJiWlf', 'DfVk730jki', 'MWDkrkKROV', 'yMckbyMxh3', 'allkg8P9HJ'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, aY32ngbTNeQthivMBh.csHigh entropy of concatenated method names: 'ToString', 'B5wUwkIEKn', 'ICEU8y1pp5', 'zGQUIdi6Yk', 'bCSUi1oDLS', 'RtEUdTIPJM', 'SsjUjYQg99', 'tpTULwdGGI', 'u3fUS3c3UV', 'oJpUZWE20I'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, bjS7XK30X9MGr4KoTc.csHigh entropy of concatenated method names: 'D2BWkSxUkq', 'sGoWqRGJ4v', 'pleW2BRIQj', 'R4BWml4h3L', 'QNWWDA9wS8', 'ANxWU8iRhX', 'JkQSGOtnKHu1nTjyZD', 'MRPl3WxGhfE0PhYE6K', 'feuWWnVAA1', 'QNrW65oNTm'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, jHYnMeOpB2i33fdhPK.csHigh entropy of concatenated method names: 'JtEY1AF6UQ', 'WQLYptfsXH', 'EXpYrDr5SO', 'WWMYbDOv7X', 'G1kYDOQcKe', 'VooYUMxsjU', 'n0hYyBIe6W', 'KFUYug5OLA', 'jMdYEmKQqd', 'S3eY3kRGII'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, Td6Ro8Ni3RtXwCuSkU.csHigh entropy of concatenated method names: 'AJmy2C0JKc', 'UKxymGnbN1', 'ToString', 'KdLyAJpH35', 'eaayQtiCTv', 'jIpyY9g5gd', 'hqtyHKZuRI', 'XRXyG5JZxS', 'xITykNIGjh', 'Crqyq5svsj'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, boeN8EZugYfTRxOApL.csHigh entropy of concatenated method names: 'PP36s8YSCR', 'XBX6A0ctCl', 'XI26Q5YSad', 'HsA6YVSQNw', 'gVs6H0VDmC', 'KTp6G4vIdO', 'TvV6kQnO5F', 'c166q4Zled', 'R9d6nQ7qwA', 'U7t62ikyau'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, zM27DOwKFXHJLIf69Xf.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T8X3fLxdIs', 'F7n3a6aZ7B', 'DLW3VuEG3b', 'ewr3cKfNMy', 'Tgs3BiM6nJ', 'xRY3XBSgHc', 'WKv3NlLNRe'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, JPAuFR60HCnWvWaABo.csHigh entropy of concatenated method names: 'evZuAns7vC', 'Un8uQQZU7g', 'EiJuY36GOy', 'uINuHJyY3A', 'SK9uGWZMuM', 'il7ukYIO6I', 'rAVuqkwi2r', 'TQbunOkVHV', 'rgtu2jqurm', 'pdDum795lD'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, RoTI2YwtT6lNXfg1pmy.csHigh entropy of concatenated method names: 'hB8E0qBN8j', 'vhbEM3VPqb', 'wEdEONQ9BO', 'XZ2E1KU3DL', 'QCCEKeUVjj', 'jpkEpyZIQd', 'e5oE77TpGj', 'M1SErlDX76', 'QtpEbWv7el', 'y63EgHZvHB'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, pBUQqE1OKEYDSahrfn.csHigh entropy of concatenated method names: 'rKQEWweWEX', 'oLYE62bB6T', 'Rf3E9Fgk4r', 'hc5EAqlUXg', 'ydtEQeNFIK', 'R0TEHV88Gd', 'DAZEGcwi2V', 'qjVuN8FdtA', 'cyMu45QHPu', 'D2FuPfGOBX'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, NilmEEE0CH8Q7vyWme.csHigh entropy of concatenated method names: 'wKIuTu0RNE', 'kInu8fW2JI', 'hrquIgbww2', 'T3Qui585nc', 'hC0ufw6Ojk', 'N0sud33a3Y', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, T9YxjoU0gsyH6XRSVo.csHigh entropy of concatenated method names: 'vCBtrZw2vF', 'PXntb963d0', 'ofYtTiplwu', 'zXTt8ks425', 'a2dtiGF7jU', 'PQItdMinaG', 'Q8qtLEwr4J', 'XZVtSUe3Ki', 'L5MthJexUV', 'O17twxIF2F'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, aNy1cxcPoNsKYhTvd2.csHigh entropy of concatenated method names: 'WOWO967wR', 'Aic14bKHY', 'NsLpwBq0p', 'FN77d83oE', 'syTbZIAUR', 'ieDgU1B0x', 'xV3xN9GFbAgaMFBLSr', 'iLLIGZaGfe2eGAjW68', 'VF0udco3J', 'XwN3EsMqd'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, wDdWn8PJtKvMPM9vfi.csHigh entropy of concatenated method names: 'dy2Gs38uj9', 'l9ZGQlYVh6', 'HWDGH9fYl0', 'I43GkA116F', 'WstGq3k1Mv', 'auMHBwk8NX', 'EZiHXO5owM', 'QDFHNgoiFU', 'dgbH4EXpEo', 'uFnHPLNqLh'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, IsmbWLLylsNbQBJICW.csHigh entropy of concatenated method names: 'Lb4Qfsf5pH', 'AdIQa7AiVe', 'CbjQV2Iu3q', 'BIsQcCUQBD', 'dq2QB2sxPX', 'UBnQXVc8wP', 'jHYQNwDBYf', 'cm0Q4kEFHq', 'k9LQPuvq2y', 'neBQ5qRlZT'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, qjLOrWra3YQuKSIDmX.csHigh entropy of concatenated method names: 'Dispose', 'CgfWP3kEYE', 'EkOC8uSJKp', 'NhOvvfL6F8', 'MWvW5UAuWL', 'TCtWztLLyV', 'ProcessDialogKey', 'IUvCRu4VOd', 'nCHCWrjQS4', 'fVpCCPUgyW'
                    Source: 0.2.invoice & packing list.exe.ad10000.9.raw.unpack, a3SImVRQIFAnlduMwN.csHigh entropy of concatenated method names: 'ftry4m9djd', 'fu5y5RNfOd', 'J8guR3DhKx', 'zHHuWeHSjW', 'zYFywBOO42', 'rAcyeyX2Wm', 'tuEyoYpQwm', 'NRLyfREgu8', 'JgvyaUps9J', 'YdAyVbv0GA'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, x6benKwwZ9OwZYvEPhn.csHigh entropy of concatenated method names: 'ToString', 'VSP3618CtA', 'xeh39qOQIy', 'xHq3sxK7ey', 'QKn3AgOVGb', 'V5a3Qjwcky', 'hBv3YcnJih', 'R343HW93pw', 'FnLW62HuhEV7M8yQfVG', 'Yrdk1oH22RnKmcAtAOV'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, NHwoM1feufwrIp88B7.csHigh entropy of concatenated method names: 'TjaHK8nL6T', 'k6wH7cfYmb', 'dSYYI47qIx', 'QbhYiMyCfP', 'xnMYdFZPI7', 'DlrYjQHgjP', 'go3YL71jjB', 'AhYYSKQxyt', 't1NYZFw4UN', 'UKpYhbXrOj'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, VJT7qa0GcUv7HvpF5g.csHigh entropy of concatenated method names: 's82k01XjC8', 'xk7kMWDN2a', 'MVLkOSmlmX', 'Kqmk1jXlMq', 'DjokKHi0ah', 'UHrkpJiWlf', 'DfVk730jki', 'MWDkrkKROV', 'yMckbyMxh3', 'allkg8P9HJ'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, aY32ngbTNeQthivMBh.csHigh entropy of concatenated method names: 'ToString', 'B5wUwkIEKn', 'ICEU8y1pp5', 'zGQUIdi6Yk', 'bCSUi1oDLS', 'RtEUdTIPJM', 'SsjUjYQg99', 'tpTULwdGGI', 'u3fUS3c3UV', 'oJpUZWE20I'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, bjS7XK30X9MGr4KoTc.csHigh entropy of concatenated method names: 'D2BWkSxUkq', 'sGoWqRGJ4v', 'pleW2BRIQj', 'R4BWml4h3L', 'QNWWDA9wS8', 'ANxWU8iRhX', 'JkQSGOtnKHu1nTjyZD', 'MRPl3WxGhfE0PhYE6K', 'feuWWnVAA1', 'QNrW65oNTm'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, jHYnMeOpB2i33fdhPK.csHigh entropy of concatenated method names: 'JtEY1AF6UQ', 'WQLYptfsXH', 'EXpYrDr5SO', 'WWMYbDOv7X', 'G1kYDOQcKe', 'VooYUMxsjU', 'n0hYyBIe6W', 'KFUYug5OLA', 'jMdYEmKQqd', 'S3eY3kRGII'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, Td6Ro8Ni3RtXwCuSkU.csHigh entropy of concatenated method names: 'AJmy2C0JKc', 'UKxymGnbN1', 'ToString', 'KdLyAJpH35', 'eaayQtiCTv', 'jIpyY9g5gd', 'hqtyHKZuRI', 'XRXyG5JZxS', 'xITykNIGjh', 'Crqyq5svsj'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, boeN8EZugYfTRxOApL.csHigh entropy of concatenated method names: 'PP36s8YSCR', 'XBX6A0ctCl', 'XI26Q5YSad', 'HsA6YVSQNw', 'gVs6H0VDmC', 'KTp6G4vIdO', 'TvV6kQnO5F', 'c166q4Zled', 'R9d6nQ7qwA', 'U7t62ikyau'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, zM27DOwKFXHJLIf69Xf.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T8X3fLxdIs', 'F7n3a6aZ7B', 'DLW3VuEG3b', 'ewr3cKfNMy', 'Tgs3BiM6nJ', 'xRY3XBSgHc', 'WKv3NlLNRe'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, JPAuFR60HCnWvWaABo.csHigh entropy of concatenated method names: 'evZuAns7vC', 'Un8uQQZU7g', 'EiJuY36GOy', 'uINuHJyY3A', 'SK9uGWZMuM', 'il7ukYIO6I', 'rAVuqkwi2r', 'TQbunOkVHV', 'rgtu2jqurm', 'pdDum795lD'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, RoTI2YwtT6lNXfg1pmy.csHigh entropy of concatenated method names: 'hB8E0qBN8j', 'vhbEM3VPqb', 'wEdEONQ9BO', 'XZ2E1KU3DL', 'QCCEKeUVjj', 'jpkEpyZIQd', 'e5oE77TpGj', 'M1SErlDX76', 'QtpEbWv7el', 'y63EgHZvHB'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, pBUQqE1OKEYDSahrfn.csHigh entropy of concatenated method names: 'rKQEWweWEX', 'oLYE62bB6T', 'Rf3E9Fgk4r', 'hc5EAqlUXg', 'ydtEQeNFIK', 'R0TEHV88Gd', 'DAZEGcwi2V', 'qjVuN8FdtA', 'cyMu45QHPu', 'D2FuPfGOBX'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, NilmEEE0CH8Q7vyWme.csHigh entropy of concatenated method names: 'wKIuTu0RNE', 'kInu8fW2JI', 'hrquIgbww2', 'T3Qui585nc', 'hC0ufw6Ojk', 'N0sud33a3Y', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, T9YxjoU0gsyH6XRSVo.csHigh entropy of concatenated method names: 'vCBtrZw2vF', 'PXntb963d0', 'ofYtTiplwu', 'zXTt8ks425', 'a2dtiGF7jU', 'PQItdMinaG', 'Q8qtLEwr4J', 'XZVtSUe3Ki', 'L5MthJexUV', 'O17twxIF2F'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, aNy1cxcPoNsKYhTvd2.csHigh entropy of concatenated method names: 'WOWO967wR', 'Aic14bKHY', 'NsLpwBq0p', 'FN77d83oE', 'syTbZIAUR', 'ieDgU1B0x', 'xV3xN9GFbAgaMFBLSr', 'iLLIGZaGfe2eGAjW68', 'VF0udco3J', 'XwN3EsMqd'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, wDdWn8PJtKvMPM9vfi.csHigh entropy of concatenated method names: 'dy2Gs38uj9', 'l9ZGQlYVh6', 'HWDGH9fYl0', 'I43GkA116F', 'WstGq3k1Mv', 'auMHBwk8NX', 'EZiHXO5owM', 'QDFHNgoiFU', 'dgbH4EXpEo', 'uFnHPLNqLh'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, IsmbWLLylsNbQBJICW.csHigh entropy of concatenated method names: 'Lb4Qfsf5pH', 'AdIQa7AiVe', 'CbjQV2Iu3q', 'BIsQcCUQBD', 'dq2QB2sxPX', 'UBnQXVc8wP', 'jHYQNwDBYf', 'cm0Q4kEFHq', 'k9LQPuvq2y', 'neBQ5qRlZT'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, qjLOrWra3YQuKSIDmX.csHigh entropy of concatenated method names: 'Dispose', 'CgfWP3kEYE', 'EkOC8uSJKp', 'NhOvvfL6F8', 'MWvW5UAuWL', 'TCtWztLLyV', 'ProcessDialogKey', 'IUvCRu4VOd', 'nCHCWrjQS4', 'fVpCCPUgyW'
                    Source: 0.2.invoice & packing list.exe.422c0a0.4.raw.unpack, a3SImVRQIFAnlduMwN.csHigh entropy of concatenated method names: 'ftry4m9djd', 'fu5y5RNfOd', 'J8guR3DhKx', 'zHHuWeHSjW', 'zYFywBOO42', 'rAcyeyX2Wm', 'tuEyoYpQwm', 'NRLyfREgu8', 'JgvyaUps9J', 'YdAyVbv0GA'
                    Source: C:\Users\user\Desktop\invoice & packing list.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6616, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 24A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 2640000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 4640000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 8770000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 7100000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 9770000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: A770000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: AD90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 8770000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 10E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 2C40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: 4C40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWindow / User API: threadDelayed 1125Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWindow / User API: threadDelayed 4351Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 6568Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7276Thread sleep count: 1125 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7276Thread sleep count: 4351 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99781s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99672s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99453s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99234s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99116s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -99000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98769s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98640s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98421s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -98091s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97984s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97547s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97328s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97216s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -97109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exe TID: 7272Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\invoice & packing list.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99781Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99672Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99562Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99453Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99343Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99234Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99116Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 99000Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98890Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98769Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98640Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98531Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98421Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98312Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98203Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 98091Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97984Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97875Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97765Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97656Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97547Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97437Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97328Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97216Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 97109Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: invoice & packing list.exe, 00000002.00000002.2873751221.00000000011FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeProcess created: C:\Users\user\Desktop\invoice & packing list.exe "C:\Users\user\Desktop\invoice & packing list.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Users\user\Desktop\invoice & packing list.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Users\user\Desktop\invoice & packing list.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.invoice & packing list.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6324, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\invoice & packing list.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.invoice & packing list.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6324, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.invoice & packing list.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36edbe0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.invoice & packing list.exe.36b31c0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: invoice & packing list.exe PID: 6324, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Input Capture                    		24
                    System Information Discovery                    		Remote Desktop Protocol1
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Software Packing                    		NTDS111
                    Security Software Discovery                    		Distributed Component Object Model1
                    Input Capture                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets1
                    Process Discovery                    		SSHKeylogging23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials141
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                    Virtualization/Sandbox Evasion                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                    Process Injection                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    invoice & packing list.exe11%ReversingLabs
                    invoice & packing list.exe30%VirustotalBrowse
                    invoice & packing list.exe100%AviraHEUR/AGEN.1310026
                    invoice & packing list.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    mail.techwiser.in1%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://www.tiro.com0%URL Reputationsafe
                    http://www.goodfont.co.kr0%URL Reputationsafe
                    http://www.carterandcone.coml0%URL Reputationsafe
                    http://r3.i.lencr.org/00%URL Reputationsafe
                    http://www.sajatypeworks.com0%URL Reputationsafe
                    http://www.typography.netD0%URL Reputationsafe
                    http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                    http://x1.c.lencr.org/00%URL Reputationsafe
                    http://x1.i.lencr.org/00%URL Reputationsafe
                    http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                    http://r3.o.lencr.org00%URL Reputationsafe
                    http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                    http://www.sandoll.co.kr0%URL Reputationsafe
                    http://www.urwpp.deDPlease0%URL Reputationsafe
                    http://www.sakkal.com0%URL Reputationsafe
                    http://www.founder.com.cn/cn0%VirustotalBrowse
                    http://mail.techwiser.in1%VirustotalBrowse
                    http://www.founder.com.cn/cn/bThe0%VirustotalBrowse
                    http://www.founder.com.cn/cn/cThe0%VirustotalBrowse
                    http://www.zhongyicts.com.cn1%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ipify.org
                    		172.67.74.152
                    		truefalse
                      		high
                      mail.techwiser.in
                      		162.241.123.30
                      		truefalseunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://api.ipify.org/false
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://www.apache.org/licenses/LICENSE-2.0invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.cominvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designersGinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.fontbureau.com/designers/?invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/bTheinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                https://account.dyn.com/invoice & packing list.exe, 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designers?invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.tiro.cominvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designersinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.goodfont.co.krinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://api.ipify.org/tinvoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.carterandcone.comlinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://r3.i.lencr.org/0invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873691975.00000000011F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sajatypeworks.cominvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.typography.netDinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers/cabarga.htmlNinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/cTheinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                          http://www.galapagosdesign.com/staff/dennis.htminvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://api.ipify.orginvoice & packing list.exe, 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cninvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                            http://www.fontbureau.com/designers/frere-user.htmlinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://x1.c.lencr.org/0invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2879639896.0000000006845000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://x1.i.lencr.org/0invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2879639896.0000000006845000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.jiyu-kobo.co.jp/invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://r3.o.lencr.org0invoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001157000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873127457.0000000001191000.00000004.00000020.00020000.00000000.sdmp, invoice & packing list.exe, 00000002.00000002.2873691975.00000000011F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.galapagosdesign.com/DPleaseinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers8invoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fonts.cominvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.sandoll.co.krinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://mail.techwiser.ininvoice & packing list.exe, 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                  http://www.urwpp.deDPleaseinvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.zhongyicts.com.cninvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameinvoice & packing list.exe, 00000002.00000002.2874078879.0000000002C41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.sakkal.cominvoice & packing list.exe, 00000000.00000002.1689367239.0000000006B52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    162.241.123.30
                                                    		mail.techwiser.inUnited States
                                                    		46606UNIFIEDLAYER-AS-1USfalse
                                                    172.67.74.152
                                                    		api.ipify.orgUnited States
                                                    		13335CLOUDFLARENETUSfalse

                                                    General Information

                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                    Analysis ID:1427730
                                                    Start date and time:2024-04-18 02:20:05 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 7m 5s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:7
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:invoice & packing list.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@3/1@2/2
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 98%
                                                    • Number of executed functions: 156
                                                    • Number of non-executed functions: 20
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    02:20:53API Interceptor28x Sleep call for process: invoice & packing list.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    162.241.123.30Draft Sales contract.exeGet hashmaliciousAgentTeslaBrowse
                                                      signed documents and BOL.exeGet hashmaliciousAgentTeslaBrowse
                                                        NOA, BL and invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                          #568350035791.exeGet hashmaliciousAgentTeslaBrowse
                                                            shipping documents and ETA.exeGet hashmaliciousAgentTeslaBrowse
                                                              shipping documents and ETA.exeGet hashmaliciousAgentTeslaBrowse
                                                                QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                  https://t.co/hkbALnjMCQGet hashmaliciousHTMLPhisherBrowse
                                                                    172.67.74.152Sky-Beta.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/?format=json
                                                                    Sky-Beta.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/?format=json
                                                                    Sky-Beta-Setup.exeGet hashmaliciousStealitBrowse
                                                                    • api.ipify.org/?format=json
                                                                    Sky-Beta.exeGet hashmaliciousStealitBrowse
                                                                    • api.ipify.org/?format=json
                                                                    SongOfVikings.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/?format=json
                                                                    SongOfVikings.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/?format=json
                                                                    Sky-Beta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/?format=json

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    mail.techwiser.inDraft Sales contract.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    signed documents and BOL.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    NOA, BL and invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    #568350035791.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    shipping documents and ETA.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    shipping documents and ETA.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    api.ipify.orgZG17uv37pi.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.26.13.205
                                                                    ZG17uv37pi.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    Fizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 104.26.12.205
                                                                    SecuriteInfo.com.FileRepMalware.7644.21541.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 104.26.13.205
                                                                    payload.jsGet hashmaliciousUnknownBrowse
                                                                    • 104.26.13.205
                                                                    payload.jsGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    Payment Advice.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 104.26.13.205
                                                                    Draft Sales contract.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 104.26.12.205
                                                                    Bank slip.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 104.26.12.205
                                                                    SHARPIL RAT.exeGet hashmaliciousSHARPIL RATBrowse
                                                                    • 172.67.74.152

                                                                    ASNs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    UNIFIEDLAYER-AS-1USDraft Sales contract.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    Bank slip.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 50.87.219.149
                                                                    https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FQuantexa/IpoXF42991IpoXF42991IpoXF/bWFzc2ltb2JvcnJlbGxpQHF1YW50ZXhhLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                    • 192.185.104.70
                                                                    QUOTATION-#170424.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 192.254.225.136
                                                                    PURCHASE ORDER LISTS GREEN VALLY CORP.batGet hashmaliciousGuLoaderBrowse
                                                                    • 173.254.31.34
                                                                    draft bl_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                    • 192.185.13.234
                                                                    signed documents and BOL.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    DN.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 50.87.253.239
                                                                    2llKbb9pR7.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoaderBrowse
                                                                    • 198.57.242.153
                                                                    NOA, BL and invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 162.241.123.30
                                                                    CLOUDFLARENETUShttp://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                    • 104.17.25.14
                                                                    SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.184.140
                                                                    https://windowdefalerts-error0x21906-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 172.67.176.240
                                                                    https://windowdefalerts-error0x21903-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 172.66.44.169
                                                                    https://windowdefalerts-error0x21905-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 104.21.56.41
                                                                    SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.21.75.251
                                                                    https://windowdefalerts-error0x21908-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 172.66.47.160
                                                                    https://windowdefalerts-error0x21904-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 172.66.44.151
                                                                    https://windowdefalerts-error0x21902-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                    • 104.21.56.41
                                                                    https://groun-93ed.ehajdranrsuw.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                    • 104.17.25.14

                                                                    JA3 Fingerprints

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    3b5074b1b5d032e5620f69f9f700ff0eZG17uv37pi.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    ZG17uv37pi.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    http://mitchellind.ubpages.com/mi-ind/Get hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    Fizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 172.67.74.152
                                                                    SecuriteInfo.com.FileRepMalware.7644.21541.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 172.67.74.152
                                                                    Payment Advice.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 172.67.74.152
                                                                    Draft Sales contract.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 172.67.74.152
                                                                    Bank slip.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 172.67.74.152
                                                                    https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FQuantexa/IpoXF42991IpoXF42991IpoXF/bWFzc2ltb2JvcnJlbGxpQHF1YW50ZXhhLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                    • 172.67.74.152
                                                                    SHARPIL RAT.exeGet hashmaliciousSHARPIL RATBrowse
                                                                    • 172.67.74.152

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\invoice & packing list.exe.log

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\invoice & packing list.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):2056
                                                                    Entropy (8bit):5.342567089024067
                                                                    Encrypted:false
                                                                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
                                                                    MD5:83A6E29FD802325CCCB720870B60C618
                                                                    SHA1:4CD8AC6CA2659E4E32D1B27A8A4E77ABF980EE43
                                                                    SHA-256:A81A5B984180553C06E7C9CAE0BAF7E195950801F493996F48FA59F1ACC135B2
                                                                    SHA-512:69CC81145ACCA3D5C154D3A11396C2AFAEC4135662A82124EA249817BE7066D782DE2C79FE985E23F32F9709C144E2C513C727CFD1A88D677F34EB25E868B560
                                                                    Malicious:false
                                                                    Reputation:moderate, very likely benign file
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):7.963304670236745
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                    File name:invoice & packing list.exe
                                                                    File size:677'888 bytes
                                                                    MD5:e9de39ce29b4e19d9487d6517f5fe390
                                                                    SHA1:aa9300231e426c9d0cbffe0bcf36f047235e79a6
                                                                    SHA256:24390949599e57a802ea820e402befca0610937e51e19a4db8228235d0017a58
                                                                    SHA512:bf67fd485900c9279b9d6be034c4f98c8b2ea711e32dc86821b83d5be17612a0bb326206a6695852228fbbd7cdb72e4c5f152108454f63ea53c9b3669ff0c849
                                                                    SSDEEP:12288:GORgtsY15YRNYpMIhka5EzcCWee290ki+lMkmn4HA3eKzm1asfD:6P5S4MIXeeUn1mkmnqQeKzmwsfD
                                                                    TLSH:A7E42394EA595A1FE14E97FEB912602843F112EE8036D7DEDCC91CAA5CD038947C233A
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J f.................4..."......NS... ........@.. ....................................@................................

                                                                    File Icon

                                                                    Icon Hash:0f235999b9792317

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x4a534e
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x66204A0B [Wed Apr 17 22:15:39 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xa52fc0x4f.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xa60000x2000.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xa80000xc.reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x20000xa33540xa3400f3f7deba8085b8096e1a1136efe28769False0.9716752009954058data7.970575972972858IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rsrc0xa60000x20000x200003816a1292f607fe5427cccc1bc12e0aFalse0.850830078125data7.305034955062381IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc0xa80000xc0x200ca268675f2a438a2d3d0c0dc895171a3False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                    RT_ICON0xa61000x1834PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9917688831504197
                                                                    RT_GROUP_ICON0xa79440x14data1.05
                                                                    RT_VERSION0xa79680x350data0.43985849056603776
                                                                    RT_MANIFEST0xa7cc80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                    Imports

                                                                    DLLImport
                                                                    mscoree.dll_CorExeMain

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Apr 18, 2024 02:20:56.766282082 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:56.766336918 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:56.766411066 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:56.773417950 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:56.773433924 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.004425049 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.004511118 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:57.007452965 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:57.007484913 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.007895947 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.058218002 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:57.065417051 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:57.112123966 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.306142092 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.306288958 CEST44349733172.67.74.152192.168.2.4
                                                                    Apr 18, 2024 02:20:57.306361914 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:57.312591076 CEST49733443192.168.2.4172.67.74.152
                                                                    Apr 18, 2024 02:20:58.016705990 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:58.176745892 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:58.176855087 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:58.730129957 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:58.730572939 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:58.891308069 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:58.891463041 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.053905964 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.054390907 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.221674919 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.221709967 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.221730947 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.221817017 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.247426987 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.408389091 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.411334038 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.571712017 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.572665930 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.734268904 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.734637022 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:20:59.935652018 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.986987114 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:20:59.987281084 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.147273064 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.147380114 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.147694111 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.348604918 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.358428955 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.358689070 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.518589973 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.518775940 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.519329071 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.519556999 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.519586086 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.519644976 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:21:00.679521084 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.679792881 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.680624962 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:21:00.730093956 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:22:37.808825016 CEST49735587192.168.2.4162.241.123.30
                                                                    Apr 18, 2024 02:22:37.969960928 CEST58749735162.241.123.30192.168.2.4
                                                                    Apr 18, 2024 02:22:37.970561981 CEST49735587192.168.2.4162.241.123.30

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Apr 18, 2024 02:20:56.656342983 CEST5857953192.168.2.41.1.1.1
                                                                    Apr 18, 2024 02:20:56.760756969 CEST53585791.1.1.1192.168.2.4
                                                                    Apr 18, 2024 02:20:57.783555984 CEST6416453192.168.2.41.1.1.1
                                                                    Apr 18, 2024 02:20:58.014494896 CEST53641641.1.1.1192.168.2.4

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Apr 18, 2024 02:20:56.656342983 CEST192.168.2.41.1.1.10xee31Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                    Apr 18, 2024 02:20:57.783555984 CEST192.168.2.41.1.1.10x82cbStandard query (0)mail.techwiser.inA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Apr 18, 2024 02:20:56.760756969 CEST1.1.1.1192.168.2.40xee31No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                    Apr 18, 2024 02:20:56.760756969 CEST1.1.1.1192.168.2.40xee31No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                    Apr 18, 2024 02:20:56.760756969 CEST1.1.1.1192.168.2.40xee31No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                    Apr 18, 2024 02:20:58.014494896 CEST1.1.1.1192.168.2.40x82cbNo error (0)mail.techwiser.in162.241.123.30A (IP address)IN (0x0001)false

                                                                    HTTP Request Dependency Graph

                                                                    • api.ipify.org

                                                                    HTTPS Proxied Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                    0192.168.2.449733172.67.74.1524436324C:\Users\user\Desktop\invoice & packing list.exe
                                                                    TimestampBytes transferredDirectionData
                                                                    2024-04-18 00:20:57 UTC155OUTGET / HTTP/1.1
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                    Host: api.ipify.org
                                                                    Connection: Keep-Alive
                                                                    2024-04-18 00:20:57 UTC211INHTTP/1.1 200 OK
                                                                    Date: Thu, 18 Apr 2024 00:20:57 GMT
                                                                    Content-Type: text/plain
                                                                    Content-Length: 12
                                                                    Connection: close
                                                                    Vary: Origin
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Server: cloudflare
                                                                    CF-RAY: 87607df15fb7676e-ATL
                                                                    2024-04-18 00:20:57 UTC12INData Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
                                                                    Data Ascii: 81.181.57.52


                                                                    SMTP Packets

                                                                    TimestampSource PortDest PortSource IPDest IPCommands
                                                                    Apr 18, 2024 02:20:58.730129957 CEST58749735162.241.123.30192.168.2.4220-sh014.hostgator.in ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 05:50:58 +0530
                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                    220 and/or bulk e-mail.
                                                                    Apr 18, 2024 02:20:58.730572939 CEST49735587192.168.2.4162.241.123.30EHLO 305090
                                                                    Apr 18, 2024 02:20:58.891308069 CEST58749735162.241.123.30192.168.2.4250-sh014.hostgator.in Hello 305090 [81.181.57.52]
                                                                    250-SIZE 52428800
                                                                    250-8BITMIME
                                                                    250-PIPELINING
                                                                    250-PIPECONNECT
                                                                    250-AUTH PLAIN LOGIN
                                                                    250-STARTTLS
                                                                    250 HELP
                                                                    Apr 18, 2024 02:20:58.891463041 CEST49735587192.168.2.4162.241.123.30STARTTLS
                                                                    Apr 18, 2024 02:20:59.053905964 CEST58749735162.241.123.30192.168.2.4220 TLS go ahead

                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:02:20:51
                                                                    Start date:18/04/2024
                                                                    Path:C:\Users\user\Desktop\invoice & packing list.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\invoice & packing list.exe"
                                                                    Imagebase:0x2e0000
                                                                    File size:677'888 bytes
                                                                    MD5 hash:E9DE39CE29B4E19D9487D6517F5FE390
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1686242139.00000000036B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:2
                                                                    Start time:02:20:55
                                                                    Start date:18/04/2024
                                                                    Path:C:\Users\user\Desktop\invoice & packing list.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\invoice & packing list.exe"
                                                                    Imagebase:0xa60000
                                                                    File size:677'888 bytes
                                                                    MD5 hash:E9DE39CE29B4E19D9487D6517F5FE390
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2874078879.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2874078879.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2872129268.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:false

                                                                    Disassembly

                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:6.9%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:18
                                                                      Total number of Limit Nodes:3
                                                                      execution_graph 19199 24eda70 19202 24edb68 19199->19202 19200 24eda7f 19203 24edb79 19202->19203 19206 24edb9c 19202->19206 19211 24ebe10 19203->19211 19206->19200 19207 24edb94 19207->19206 19208 24edda0 GetModuleHandleW 19207->19208 19209 24eddcd 19208->19209 19209->19200 19212 24edd58 GetModuleHandleW 19211->19212 19214 24edb84 19212->19214 19214->19206 19215 24ede00 19214->19215 19216 24ebe10 GetModuleHandleW 19215->19216 19218 24ede14 19216->19218 19217 24ede39 19217->19207 19218->19217 19220 24ed0f0 19218->19220 19221 24edfc0 LoadLibraryExW 19220->19221 19223 24ee039 19221->19223 19223->19217

                                                                      Executed Functions

                                                                      Function 06FB0EB9 Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 205 6fb0eb9-6fb0f15 208 6fb0f1c-6fb0f58 205->208 209 6fb0f17 205->209 279 6fb0f5a call 6fb1522 208->279 280 6fb0f5a call 6fb1530 208->280 209->208 211 6fb0f60 212 6fb0f67-6fb0f83 211->212 213 6fb0f8c-6fb0f8d 212->213 214 6fb0f85 212->214 228 6fb131c-6fb132f 213->228 214->211 214->213 215 6fb10ba-6fb10c6 214->215 216 6fb11b8-6fb11cc 214->216 217 6fb12b4-6fb12cb 214->217 218 6fb0fab-6fb0faf 214->218 219 6fb1069-6fb1075 214->219 220 6fb122f-6fb124f 214->220 221 6fb112f-6fb114f 214->221 222 6fb116e-6fb1172 214->222 223 6fb10ee-6fb1100 214->223 224 6fb12ec-6fb12f0 214->224 225 6fb0fd8-6fb0fe4 214->225 226 6fb119e-6fb11b3 214->226 227 6fb129d-6fb12af 214->227 214->228 229 6fb0f92-6fb0fa9 214->229 230 6fb11d1-6fb11dd 214->230 231 6fb12d0-6fb12e7 214->231 232 6fb1154-6fb1169 214->232 233 6fb1254-6fb1260 214->233 234 6fb128b-6fb1298 214->234 235 6fb100f-6fb1018 214->235 236 6fb1205-6fb1211 214->236 237 6fb1105-6fb1111 214->237 238 6fb1044-6fb1064 214->238 245 6fb10c8 215->245 246 6fb10cd-6fb10e9 215->246 216->212 217->212 247 6fb0fc2-6fb0fc9 218->247 248 6fb0fb1-6fb0fc0 218->248 239 6fb107c-6fb1092 219->239 240 6fb1077 219->240 220->212 221->212 259 6fb1185-6fb118c 222->259 260 6fb1174-6fb1183 222->260 223->212 257 6fb1303-6fb130a 224->257 258 6fb12f2-6fb1301 224->258 253 6fb0feb-6fb100a 225->253 254 6fb0fe6 225->254 226->212 227->212 229->212 241 6fb11df 230->241 242 6fb11e4-6fb1200 230->242 231->212 232->212 249 6fb1262 233->249 250 6fb1267-6fb1286 233->250 234->212 255 6fb102b-6fb1032 235->255 256 6fb101a-6fb1029 235->256 243 6fb1218-6fb122a 236->243 244 6fb1213 236->244 251 6fb1118-6fb112a 237->251 252 6fb1113 237->252 238->212 276 6fb1099-6fb10b5 239->276 277 6fb1094 239->277 240->239 241->242 242->212 243->212 244->243 245->246 246->212 262 6fb0fd0-6fb0fd6 247->262 248->262 249->250 250->212 251->212 252->251 253->212 254->253 263 6fb1039-6fb103f 255->263 256->263 264 6fb1311-6fb1317 257->264 258->264 268 6fb1193-6fb1199 259->268 260->268 262->212 263->212 264->212 268->212 276->212 277->276 279->211 280->211
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: tIh
                                                                      • API String ID: 0-443931868
                                                                      • Opcode ID: 1ebef288b97d8112f2629c4b30161960255b64b01e6249f8e3de1df9c1b89d3e
                                                                      • Instruction ID: f9d79ce25809de595aad1868ed64c19c657ccf9d0777700b4a02ff105565b37b
                                                                      • Opcode Fuzzy Hash: 1ebef288b97d8112f2629c4b30161960255b64b01e6249f8e3de1df9c1b89d3e
                                                                      • Instruction Fuzzy Hash: A6D16E71E0520ADFDB44CF9AC8818AEFFB6FF89340B14E555E411AB254DB34A982CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB0EF0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 289 6fb0ef0-6fb0f15 290 6fb0f1c-6fb0f58 289->290 291 6fb0f17 289->291 361 6fb0f5a call 6fb1522 290->361 362 6fb0f5a call 6fb1530 290->362 291->290 293 6fb0f60 294 6fb0f67-6fb0f83 293->294 295 6fb0f8c-6fb0f8d 294->295 296 6fb0f85 294->296 310 6fb131c-6fb132f 295->310 296->293 296->295 297 6fb10ba-6fb10c6 296->297 298 6fb11b8-6fb11cc 296->298 299 6fb12b4-6fb12cb 296->299 300 6fb0fab-6fb0faf 296->300 301 6fb1069-6fb1075 296->301 302 6fb122f-6fb124f 296->302 303 6fb112f-6fb114f 296->303 304 6fb116e-6fb1172 296->304 305 6fb10ee-6fb1100 296->305 306 6fb12ec-6fb12f0 296->306 307 6fb0fd8-6fb0fe4 296->307 308 6fb119e-6fb11b3 296->308 309 6fb129d-6fb12af 296->309 296->310 311 6fb0f92-6fb0fa9 296->311 312 6fb11d1-6fb11dd 296->312 313 6fb12d0-6fb12e7 296->313 314 6fb1154-6fb1169 296->314 315 6fb1254-6fb1260 296->315 316 6fb128b-6fb1298 296->316 317 6fb100f-6fb1018 296->317 318 6fb1205-6fb1211 296->318 319 6fb1105-6fb1111 296->319 320 6fb1044-6fb1064 296->320 327 6fb10c8 297->327 328 6fb10cd-6fb10e9 297->328 298->294 299->294 329 6fb0fc2-6fb0fc9 300->329 330 6fb0fb1-6fb0fc0 300->330 321 6fb107c-6fb1092 301->321 322 6fb1077 301->322 302->294 303->294 341 6fb1185-6fb118c 304->341 342 6fb1174-6fb1183 304->342 305->294 339 6fb1303-6fb130a 306->339 340 6fb12f2-6fb1301 306->340 335 6fb0feb-6fb100a 307->335 336 6fb0fe6 307->336 308->294 309->294 311->294 323 6fb11df 312->323 324 6fb11e4-6fb1200 312->324 313->294 314->294 331 6fb1262 315->331 332 6fb1267-6fb1286 315->332 316->294 337 6fb102b-6fb1032 317->337 338 6fb101a-6fb1029 317->338 325 6fb1218-6fb122a 318->325 326 6fb1213 318->326 333 6fb1118-6fb112a 319->333 334 6fb1113 319->334 320->294 358 6fb1099-6fb10b5 321->358 359 6fb1094 321->359 322->321 323->324 324->294 325->294 326->325 327->328 328->294 344 6fb0fd0-6fb0fd6 329->344 330->344 331->332 332->294 333->294 334->333 335->294 336->335 345 6fb1039-6fb103f 337->345 338->345 346 6fb1311-6fb1317 339->346 340->346 350 6fb1193-6fb1199 341->350 342->350 344->294 345->294 346->294 350->294 358->294 359->358 361->293 362->293
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: tIh
                                                                      • API String ID: 0-443931868
                                                                      • Opcode ID: 804ee5e96f363bd85472f70bc4ed78f7b7e1206dcd704776abf066c87b031749
                                                                      • Instruction ID: d4ab497253dbb563a9c09544b28452b47f1a235cc9413ae37e9d4aa2658785e4
                                                                      • Opcode Fuzzy Hash: 804ee5e96f363bd85472f70bc4ed78f7b7e1206dcd704776abf066c87b031749
                                                                      • Instruction Fuzzy Hash: 58D13C70E1520ADFDB44CF9AD8858AEFFB6FF88300B14E555E411AB254DB349982CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB43A0 Relevance: .2, Instructions: 231COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 24de1b9a9b96a38ea7182cf2241434d950aa1507c2bd6766d9978d6265e177d4
                                                                      • Instruction ID: f23795d093c8b9dc9906f09b17d5fc44d0ac51c21d1bef9da6a8df4814e78107
                                                                      • Opcode Fuzzy Hash: 24de1b9a9b96a38ea7182cf2241434d950aa1507c2bd6766d9978d6265e177d4
                                                                      • Instruction Fuzzy Hash: 8D910571D15208DFDB48CFAAE6809DDFBF2FB89300F20A41AE416BB269D73099558F54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB4390 Relevance: .2, Instructions: 230COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ddeedcb427e3ae6d12c94454378076ece29cf63f17c6604dd90accc161685091
                                                                      • Instruction ID: 8211c28ea5062c2e493e0bcbcbf704ba653ae14608f6ed4efdbe10b7d540c6bf
                                                                      • Opcode Fuzzy Hash: ddeedcb427e3ae6d12c94454378076ece29cf63f17c6604dd90accc161685091
                                                                      • Instruction Fuzzy Hash: D8913971D15209DFDB48CFAAEA809DDFBF2FB89300F10A429E416B7269D73099458F54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB4088 Relevance: .2, Instructions: 204COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cee3e0be1ae3248d95c46adaf710b3ca6992fcf498d206cc913ee27e49d2a195
                                                                      • Instruction ID: 7cfa4e0c7fcbe6a825fa0fc3700011384b74c1e48f006d7ef0213e1e4dd32f03
                                                                      • Opcode Fuzzy Hash: cee3e0be1ae3248d95c46adaf710b3ca6992fcf498d206cc913ee27e49d2a195
                                                                      • Instruction Fuzzy Hash: AC812F75E00229CFDB44CFAAC9809EEFBB2FB98300F10A91AD511B7259D7359952CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB4079 Relevance: .2, Instructions: 204COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: afec08a6ab3cd1310abb5db73e809418c20e3a9cf574c3d8cfd4851f237feb23
                                                                      • Instruction ID: 73a04f5faac84a60ddfcf73d9038af60b7dc1c2a8c27237ff822152d090a633f
                                                                      • Opcode Fuzzy Hash: afec08a6ab3cd1310abb5db73e809418c20e3a9cf574c3d8cfd4851f237feb23
                                                                      • Instruction Fuzzy Hash: 1C811275E00229DFDB44CFAAC980AEEBBF2FB98300F00A45AD511A7259D7359952CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB001E Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ff53cc0276164d58812a6c7f4ac9f519919e35df9471d10745b9e5eb5bf39764
                                                                      • Instruction ID: d037ebcf17edf142f6da239d9d3d26614fbe536bc09286d78b5e5a984ba44623
                                                                      • Opcode Fuzzy Hash: ff53cc0276164d58812a6c7f4ac9f519919e35df9471d10745b9e5eb5bf39764
                                                                      • Instruction Fuzzy Hash: F1212D71E056488BDB18CF6BC8502DEBFB3AFC9300F14C0AAD408AA255DB755945CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB0040 Relevance: .1, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d9b3a73b8d8a4032816ee80c3b4904d988cbe262fa69a98808ea67a70ef95848
                                                                      • Instruction ID: 8bbe385126e54d8a4495054c470e51c291f0b720fa2aa1cc2c9b955a0cfa30cc
                                                                      • Opcode Fuzzy Hash: d9b3a73b8d8a4032816ee80c3b4904d988cbe262fa69a98808ea67a70ef95848
                                                                      • Instruction Fuzzy Hash: 5421E7B1E016188BEB58CFABD8542DEFBF3AFC8310F14C16AD508A6258DF741A45CA90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB1530 Relevance: 2.6, Strings: 2, Instructions: 63COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 132 6fb1530-6fb154e 133 6fb1550 132->133 134 6fb1555-6fb155a 132->134 133->134 146 6fb155d call 6fb161a 134->146 147 6fb155d call 6fb1628 134->147 135 6fb1563 136 6fb156a-6fb1586 135->136 137 6fb1588 136->137 138 6fb158f-6fb1590 136->138 137->135 137->138 139 6fb15fd-6fb1601 137->139 140 6fb1592-6fb15a6 137->140 141 6fb15d6-6fb15f8 137->141 138->139 143 6fb15b9-6fb15c0 140->143 144 6fb15a8-6fb15b7 140->144 141->136 145 6fb15c7-6fb15d4 143->145 144->145 145->136 146->135 147->135
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 3H5$3H5
                                                                      • API String ID: 0-2752242361
                                                                      • Opcode ID: 8b4bd4b9d17f90bed466ae34bfbb87f3e9bfd21f304a9b3db243dc34633f7fd7
                                                                      • Instruction ID: be55ecda361f24bc123c6c59b3c8266bd6be637b9f388cd051b4998d80bb58eb
                                                                      • Opcode Fuzzy Hash: 8b4bd4b9d17f90bed466ae34bfbb87f3e9bfd21f304a9b3db243dc34633f7fd7
                                                                      • Instruction Fuzzy Hash: 992128B0E11209DFDB44CFAAC550AAEFBF1FF89300F14D5AAD509AB254E7309A45CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 024EDB68 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 148 24edb68-24edb77 149 24edb79-24edb86 call 24ebe10 148->149 150 24edba3-24edba7 148->150 156 24edb9c 149->156 157 24edb88-24edb96 call 24ede00 149->157 152 24edbbb-24edbfc 150->152 153 24edba9-24edbb3 150->153 159 24edbfe-24edc06 152->159 160 24edc09-24edc17 152->160 153->152 156->150 157->156 166 24edcd8-24edd98 157->166 159->160 161 24edc3b-24edc3d 160->161 162 24edc19-24edc1e 160->162 167 24edc40-24edc47 161->167 164 24edc29 162->164 165 24edc20-24edc27 call 24ed098 162->165 169 24edc2b-24edc39 164->169 165->169 199 24edd9a-24edd9d 166->199 200 24edda0-24eddcb GetModuleHandleW 166->200 170 24edc49-24edc51 167->170 171 24edc54-24edc5b 167->171 169->167 170->171 172 24edc5d-24edc65 171->172 173 24edc68-24edc71 call 24ed0a8 171->173 172->173 179 24edc7e-24edc83 173->179 180 24edc73-24edc7b 173->180 181 24edc85-24edc8c 179->181 182 24edca1-24edcae 179->182 180->179 181->182 184 24edc8e-24edc9e call 24ed0b8 call 24ed0c8 181->184 189 24edcb0-24edcce 182->189 190 24edcd1-24edcd7 182->190 184->182 189->190 199->200 201 24eddcd-24eddd3 200->201 202 24eddd4-24edde8 200->202 201->202
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685652314.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_24e0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 712d801894b2196b09e2cd38f4aa8dacffccdcda040cc9e9373735287abb224c
                                                                      • Instruction ID: 1b1be5f7c3ce666b66f08259dd225a6e5f4d172244ee177b0a23c7e072ec608f
                                                                      • Opcode Fuzzy Hash: 712d801894b2196b09e2cd38f4aa8dacffccdcda040cc9e9373735287abb224c
                                                                      • Instruction Fuzzy Hash: 8D712570A00B058FEB24DF29C44575ABBF9FF88305F048A2ED48A97B50D775E949CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 024ED0F0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 281 24ed0f0-24ee000 283 24ee008-24ee037 LoadLibraryExW 281->283 284 24ee002-24ee005 281->284 285 24ee039-24ee03f 283->285 286 24ee040-24ee05d 283->286 284->283 285->286
                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,024EDE39,00000800,00000000,00000000), ref: 024EE02A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685652314.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_24e0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: d294bebf0560e2590ac96c1330e4988bcf58cb1cef001834872125cce336672c
                                                                      • Instruction ID: ce3c9a6953a4dcfb7be8611706dea556ad8fbd749805f7223c2100fe8f9fb5d3
                                                                      • Opcode Fuzzy Hash: d294bebf0560e2590ac96c1330e4988bcf58cb1cef001834872125cce336672c
                                                                      • Instruction Fuzzy Hash: 181103B69002188FDB20CF9AD444A9EFBF4EB48324F10846AE91AA7210C375A545CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 024EBE10 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 363 24ebe10-24edd98 365 24edd9a-24edd9d 363->365 366 24edda0-24eddcb GetModuleHandleW 363->366 365->366 367 24eddcd-24eddd3 366->367 368 24eddd4-24edde8 366->368 367->368
                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,024EDB84), ref: 024EDDBE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685652314.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_24e0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 0700e5c3fba4f0ec1ae907974dd793aba4060a602e60299c4a5c3ced1bf86ce9
                                                                      • Instruction ID: 1902ad3be829febbf5fe676afc993379080f2792670f5bc690f5ec453af42a9f
                                                                      • Opcode Fuzzy Hash: 0700e5c3fba4f0ec1ae907974dd793aba4060a602e60299c4a5c3ced1bf86ce9
                                                                      • Instruction Fuzzy Hash: E31102B5D00249CFDB20DF9AD444ADEFBF8EB89224F10846AD46AA7710C375A545CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3A6C Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 370 6fb3a6c-6fb5a16 call 6fb3c0c 377 6fb5a18-6fb5a28 call 6fb3c18 370->377 378 6fb5a5f-6fb5a67 370->378 382 6fb5a2a-6fb5a4b call 6fb3c24 377->382 383 6fb5a6e-6fb5a83 377->383 378->383 388 6fb5a53-6fb5a55 382->388 389 6fb5a8a-6fb5ada 383->389 388->389 390 6fb5a57-6fb5a5e 388->390 394 6fb5b61-6fb5b73 389->394 395 6fb5ae0-6fb5af1 389->395 398 6fb5af3-6fb5afe 395->398 399 6fb5b21-6fb5b37 398->399 400 6fb5b00-6fb5b1e 398->400 399->398 403 6fb5b39-6fb5b60 399->403 400->399
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 27eb3496d32cd17e7f983a961bd91d4da2fc28a7e80f7a1a9eb88bf32444db57
                                                                      • Instruction ID: 8194a8e66ffcead7b2b00ab53ef783b62562c8363a6c8d782413a3a3b66a2fbb
                                                                      • Opcode Fuzzy Hash: 27eb3496d32cd17e7f983a961bd91d4da2fc28a7e80f7a1a9eb88bf32444db57
                                                                      • Instruction Fuzzy Hash: 7E517E31B002058FCB14EFB998848AEBBF6EFC47207148969E469D7395DF749D0587A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB36BF Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 408 6fb36bf-6fb36cd 409 6fb36eb 408->409 410 6fb36cf-6fb36e8 408->410 412 6fb36ef-6fb36fe 409->412 411 6fb36ea 410->411 410->412 411->412 413 6fb3701 412->413 414 6fb3708-6fb3724 413->414 415 6fb372d-6fb372e 414->415 416 6fb3726 414->416 417 6fb381b-6fb381f 415->417 416->413 416->415 416->417 418 6fb37f8-6fb3816 416->418 419 6fb375f-6fb377d 416->419 420 6fb377f-6fb379d 416->420 421 6fb3733-6fb375d 416->421 422 6fb37a2-6fb37b4 416->422 423 6fb37d5-6fb37f3 416->423 418->414 419->414 420->414 421->414 425 6fb37b7 call 6fb3858 422->425 426 6fb37b7 call 6fb3852 422->426 423->414 424 6fb37bd-6fb37d0 424->414 425->424 426->424
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O};5
                                                                      • API String ID: 0-3558557551
                                                                      • Opcode ID: f728d9048f7e92f4b7777dc48e1475d6c07595454c934aa3552cc8237f6f9572
                                                                      • Instruction ID: 8b6cc50c9d2610c4d7ace2e7efcd3683829057bb05e90f6f6ac7082c02e3716d
                                                                      • Opcode Fuzzy Hash: f728d9048f7e92f4b7777dc48e1475d6c07595454c934aa3552cc8237f6f9572
                                                                      • Instruction Fuzzy Hash: CD41ADB5A24609EFDB84CF96D58489DFFB1FF89200B60D4D9D044AB3A5D7719A50CB00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBB2B0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 427 6fbb2b0-6fbb2e3 429 6fbb2ea-6fbb325 427->429 430 6fbb2e5 427->430 431 6fbb32a-6fbb32f 429->431 432 6fbb3fe-6fbb41d 429->432 430->429 433 6fbb466-6fbb47b 431->433 434 6fbb335-6fbb336 431->434 439 6fbb47d-6fbb48a 432->439 440 6fbb425-6fbb455 432->440 438 6fbb49c-6fbb4a2 433->438 434->433 448 6fbb4a4 call 6fbbb39 438->448 449 6fbb4a4 call 6fbbb48 438->449 450 6fbb4a4 call 6fbbce1 438->450 445 6fbb493-6fbb49a 439->445 440->431 447 6fbb45b-6fbb461 440->447 441 6fbb4aa 444 6fbb4ab 441->444 444->444 445->438 445->440 447->431 448->441 449->441 450->441
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 1d8dc6b1a6e22ae2debea30d76498650b7f4767a49d16e54986f0e6114f5ec04
                                                                      • Instruction ID: c6a7329dd2c6762949429d2022a9a8d007d622364fb546ff9887cb68125494e3
                                                                      • Opcode Fuzzy Hash: 1d8dc6b1a6e22ae2debea30d76498650b7f4767a49d16e54986f0e6114f5ec04
                                                                      • Instruction Fuzzy Hash: DE311770E05208CFEB08DFAAD9446EEBFF6FF89300F14912AE416AB254EB755945CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB36D0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 451 6fb36d0-6fb36e8 452 6fb36ea 451->452 453 6fb36ef-6fb36fe 451->453 452->453 454 6fb3701 453->454 455 6fb3708-6fb3724 454->455 456 6fb372d-6fb372e 455->456 457 6fb3726 455->457 458 6fb381b-6fb381f 456->458 457->454 457->456 457->458 459 6fb37f8-6fb3816 457->459 460 6fb375f-6fb377d 457->460 461 6fb377f-6fb379d 457->461 462 6fb3733-6fb375d 457->462 463 6fb37a2-6fb37b4 457->463 464 6fb37d5-6fb37f3 457->464 459->455 460->455 461->455 462->455 466 6fb37b7 call 6fb3858 463->466 467 6fb37b7 call 6fb3852 463->467 464->455 465 6fb37bd-6fb37d0 465->455 466->465 467->465
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O};5
                                                                      • API String ID: 0-3558557551
                                                                      • Opcode ID: 57f4a1e3f6fcb5bcaad305505cd05223b857e196a9361e61c93fd0d5f807af4e
                                                                      • Instruction ID: c484fabe8eb25b0128b19a5fd7cdfc12a8ed1c530b45c5037d77828556030596
                                                                      • Opcode Fuzzy Hash: 57f4a1e3f6fcb5bcaad305505cd05223b857e196a9361e61c93fd0d5f807af4e
                                                                      • Instruction Fuzzy Hash: A0417BB1A24609EFDB84CF96D5848AEFFF1FB89200F60E499D405E72A4DB709A50CB10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBB2C0 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 468 6fbb2c0-6fbb2e3 469 6fbb2ea-6fbb325 468->469 470 6fbb2e5 468->470 471 6fbb32a-6fbb32f 469->471 472 6fbb3fe-6fbb41d 469->472 470->469 473 6fbb466-6fbb47b 471->473 474 6fbb335-6fbb336 471->474 479 6fbb47d-6fbb48a 472->479 480 6fbb425-6fbb455 472->480 478 6fbb49c-6fbb4a2 473->478 474->473 488 6fbb4a4 call 6fbbb39 478->488 489 6fbb4a4 call 6fbbb48 478->489 490 6fbb4a4 call 6fbbce1 478->490 485 6fbb493-6fbb49a 479->485 480->471 487 6fbb45b-6fbb461 480->487 481 6fbb4aa 484 6fbb4ab 481->484 484->484 485->478 485->480 487->471 488->481 489->481 490->481
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 79c638e41dc46f893eb1b428f0fb44b8ab17a7335464f3cb8b5cd82ec66370f4
                                                                      • Instruction ID: cb72490442bfd0fa5ff797ab19b68b663f32943436838212cf08ce9f42f48e71
                                                                      • Opcode Fuzzy Hash: 79c638e41dc46f893eb1b428f0fb44b8ab17a7335464f3cb8b5cd82ec66370f4
                                                                      • Instruction Fuzzy Hash: C531E274E01208CBEB08DFAAD9456EEBFF6BF89300F14902AE41AAB254DB755945CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBB33C Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 491 6fbb33c-6fbb4de 498 6fbb350-6fbb3c0 491->498 499 6fbb4e4-6fbb4e5 491->499 505 6fbb3c2 call 6fbc88a 498->505 506 6fbb3c2 call 6fbc1f9 498->506 507 6fbb3c2 call 6fbc208 498->507 508 6fbb3c2 call 6fbc470 498->508 504 6fbb3c8-6fbb3d2 505->504 506->504 507->504 508->504
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: 9ad16971b2a620c92a62e427f032bacc39c5ca00d5bed585049fd0c515da59a2
                                                                      • Instruction ID: e591175653c7f87e3bf92f95137454b873bcbc5b6e09f527fcc81658bc0c912d
                                                                      • Opcode Fuzzy Hash: 9ad16971b2a620c92a62e427f032bacc39c5ca00d5bed585049fd0c515da59a2
                                                                      • Instruction Fuzzy Hash: E731C275E04209CFDB04CFE9C8849EDBBB1FF48300F249129E919AB365C731A905CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3A5C Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 509 6fb3a5c-6fb591f 513 6fb59ac-6fb59b8 509->513 514 6fb5925-6fb592b 509->514 516 6fb592e-6fb5947 513->516 517 6fb59be-6fb59c4 513->517 516->513 520 6fb5949-6fb5961 516->520 520->513 523 6fb5963-6fb597d call 6fb3a6c 520->523 527 6fb5982 523->527 527->513
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te^q
                                                                      • API String ID: 0-671973202
                                                                      • Opcode ID: b3325a638b67a12929ed693363a651e647284dec945fd6869aa2a165ffa2a669
                                                                      • Instruction ID: 81c858fa1a00e6bd1da48d1e399c2b01703e50f9afa9ca1adb22355354103203
                                                                      • Opcode Fuzzy Hash: b3325a638b67a12929ed693363a651e647284dec945fd6869aa2a165ffa2a669
                                                                      • Instruction Fuzzy Hash: 8C116031F102098BCB44EFB999505FEB6F6AFC4310F10447AD415EB254EB358D05CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB1522 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 3H5
                                                                      • API String ID: 0-3899204960
                                                                      • Opcode ID: ee9bcbad89079c655d0d695202f19f9f3d93bdbd7857062f180e8b656097177b
                                                                      • Instruction ID: 75c0efc3ff58cb78eaf42e86f6418a0c61d0e8d33e6ffef083529486fcb83e0d
                                                                      • Opcode Fuzzy Hash: ee9bcbad89079c655d0d695202f19f9f3d93bdbd7857062f180e8b656097177b
                                                                      • Instruction Fuzzy Hash: 6C214AB0E11609DFDB44CFAAC580AAEFFF1EF8A300F14D1AAD105AB254D7309A45CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE71A Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 'o!
                                                                      • API String ID: 0-3977600089
                                                                      • Opcode ID: f4c0bcec8cd46418fcb54597e50b49ec5cd26ca136d91d339b1fe3898aedda00
                                                                      • Instruction ID: 9e0d9556b750073b3c6c582f323f196b3635790b94fae6a134aa547864e8d2a8
                                                                      • Opcode Fuzzy Hash: f4c0bcec8cd46418fcb54597e50b49ec5cd26ca136d91d339b1fe3898aedda00
                                                                      • Instruction Fuzzy Hash: 0311F374A142588FDB40DFA9E4849DDBFB6FB49310F10A529E416AB388DB3198448F84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE82D Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: sw{
                                                                      • API String ID: 0-3213569877
                                                                      • Opcode ID: 8ed555d8e8450609d9b63fcb4158f7522a18a14c1a3540eb0224486c9c0675e2
                                                                      • Instruction ID: 9741e033e49e1de694e0dff15dbb9028b0729523d0028494cdbd8e57ede24d59
                                                                      • Opcode Fuzzy Hash: 8ed555d8e8450609d9b63fcb4158f7522a18a14c1a3540eb0224486c9c0675e2
                                                                      • Instruction Fuzzy Hash: 52F030B8908318CFDB90DF10D944798BBF7EB84240F105195950A97316DBB09E85CF42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6F18 Relevance: .2, Instructions: 157COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7b59296fafd86fe6cc6d1d2504d1ba692195fb57c3a76c9209d1a9f35db04b43
                                                                      • Instruction ID: 1c7ad3ae8ca77d84fe3f80e9b8c19a9598995851b6b504cf86294ddc3ad12c4a
                                                                      • Opcode Fuzzy Hash: 7b59296fafd86fe6cc6d1d2504d1ba692195fb57c3a76c9209d1a9f35db04b43
                                                                      • Instruction Fuzzy Hash: A951D631E00115DFDB409B9AD894AFEBFB2EF84340F44A06AE505EB294D776D941CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6F08 Relevance: .1, Instructions: 137COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05537d41e70b606fe7e63466ae9ae47c0b7f8ac1d58cd872b30d4837fb83c459
                                                                      • Instruction ID: 8cf9d6d39bf2dd6846440929e45817df5dc139066d58ba4f2cf8af98c3df759a
                                                                      • Opcode Fuzzy Hash: 05537d41e70b606fe7e63466ae9ae47c0b7f8ac1d58cd872b30d4837fb83c459
                                                                      • Instruction Fuzzy Hash: F251A332E00215DFDB40DF9AD885AFDBFB6EB84301F44A06AE511EB290D736D941CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBB48 Relevance: .1, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 25479f924e075967eb87f73af2390ab81fbabd28656a5f032340e0a30035f6cb
                                                                      • Instruction ID: 5237418c3b598f45cb17afc289f1ed1ec0392930880473e268e916021478b4ba
                                                                      • Opcode Fuzzy Hash: 25479f924e075967eb87f73af2390ab81fbabd28656a5f032340e0a30035f6cb
                                                                      • Instruction Fuzzy Hash: 1B41FAB5D09209CFEB48CFAAC4446EEBBF6AF8C301F14E069D419A3255DF345941CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3568 Relevance: .1, Instructions: 125COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 355ade067eacb5f33682be1caab1c8e7a3faf3f718944d272b4b6a70e980de0b
                                                                      • Instruction ID: 6ccc05c10778b8a3d41bfb69d12899281beebc7abdbd1d35303a2b45ceeb53ae
                                                                      • Opcode Fuzzy Hash: 355ade067eacb5f33682be1caab1c8e7a3faf3f718944d272b4b6a70e980de0b
                                                                      • Instruction Fuzzy Hash: 4541B1B49186849FD306CBA9D494988BFB0EF8A211F1680D6D484DB3B3DB359985CB12
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBB39 Relevance: .1, Instructions: 119COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1c486ad1fa7dde372bc116c378bb0b199d3d24338eb3442fd0d501d3b9b743df
                                                                      • Instruction ID: 144a0c59f96bd25549199803bd2c693e18d19d175bbe2bc5b2ff1b4959ae6167
                                                                      • Opcode Fuzzy Hash: 1c486ad1fa7dde372bc116c378bb0b199d3d24338eb3442fd0d501d3b9b743df
                                                                      • Instruction Fuzzy Hash: 6041E9B5D09208CFDB48CFAAD9446EEBFF6AF8D301F14E06AE419A3255DB344941CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBCE1 Relevance: .1, Instructions: 107COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db4baaeb2664d385ad75a2a607234519341240967b8b0e464a42bb22f44ea2ff
                                                                      • Instruction ID: d89256bb350672713803a3a7932c5bc879308e13af6ca7a27dc0033555e778cd
                                                                      • Opcode Fuzzy Hash: db4baaeb2664d385ad75a2a607234519341240967b8b0e464a42bb22f44ea2ff
                                                                      • Instruction Fuzzy Hash: 97310774D09209DFDB84CFA6D5819FEBBBAEB4D301F206055E40AA7251CB345A41CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB8A68 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 50ee35fc58c023c12c363a9b091a7a65caa069d1dfbbefb9f761f35dac330fe3
                                                                      • Instruction ID: 1a1fbd4be9c034ca5e6d93de4d6892f1c149b03042fbb3c2cb23e19ba9e5a536
                                                                      • Opcode Fuzzy Hash: 50ee35fc58c023c12c363a9b091a7a65caa069d1dfbbefb9f761f35dac330fe3
                                                                      • Instruction Fuzzy Hash: DA41B231E08215DFD380DBAAC885AFA77EEEB80381F49A0B6E525D72D1C334D940CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3858 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d2ee2c9792b76aa9a2d04fd2bf7d3200eff765ba1860597d8ccf8b12c5b63efb
                                                                      • Instruction ID: 22914c79ee2d28b8b65aa5449b342d6bebbcee9a52d88cb18aafbe9a5a8d6941
                                                                      • Opcode Fuzzy Hash: d2ee2c9792b76aa9a2d04fd2bf7d3200eff765ba1860597d8ccf8b12c5b63efb
                                                                      • Instruction Fuzzy Hash: 3D41AE76E0420ADFDB45CF95D8419EEBFB2FB89310F10A529D504A7394D7709A81CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3852 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 095e40f926f13fa3e54339de1a8ca102b9ebff473420fb0605f9a9ab74967247
                                                                      • Instruction ID: 5450d15ad78f05e030d3b9fcf8cc400ac1bc27d36d9eeb58b77220ad11065eb7
                                                                      • Opcode Fuzzy Hash: 095e40f926f13fa3e54339de1a8ca102b9ebff473420fb0605f9a9ab74967247
                                                                      • Instruction Fuzzy Hash: A8418B76E0420A9FDB45CF99D8419EEBFB2FB89310F10A529E504B7394D7709A818FA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6B40 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d61b7e4bcb27906d713bb3ec1d55f4a9edeaed2963d2ee3005bdd937cd6c52f4
                                                                      • Instruction ID: 950f6848c7d102fa534dde6d4d625ebbc51a5fa6f3e59bec474f778117796d08
                                                                      • Opcode Fuzzy Hash: d61b7e4bcb27906d713bb3ec1d55f4a9edeaed2963d2ee3005bdd937cd6c52f4
                                                                      • Instruction Fuzzy Hash: 89312871900209EFCB50DFAAD844ADEBFF9FB89310F10846AE519E7211D735A940CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBE88 Relevance: .1, Instructions: 93COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 94eb9c1f49b81ac3dedf54648d4474ab331a7325d90d9d2f7dd21a2ea06845fc
                                                                      • Instruction ID: 9e126e77443ca5e8c865b80641689a1e0b4770f9c58ca9ef339e95ad97f09a44
                                                                      • Opcode Fuzzy Hash: 94eb9c1f49b81ac3dedf54648d4474ab331a7325d90d9d2f7dd21a2ea06845fc
                                                                      • Instruction Fuzzy Hash: 48314A75E09218DFDB44CFAAD844AEDBBF5FF89300F0090A9E805A7261DB319A40CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D06C Relevance: .1, Instructions: 77COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8051e52722fa27454d969e6e6aedba71f4ed283f6723f52027e5d2bad47018e0
                                                                      • Instruction ID: 9f0861e8f41b6d29aaf63c520632487cce99b4193c03d0a84751b5e0d2c7ada8
                                                                      • Opcode Fuzzy Hash: 8051e52722fa27454d969e6e6aedba71f4ed283f6723f52027e5d2bad47018e0
                                                                      • Instruction Fuzzy Hash: EB212471100200DFCB059F14C9C4B26BFA5FB88314F2086A9ED091B256C33AC916EBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D5C8 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10a5d9d8f31f58b10db24da53249dc72c88e4a20056c096ae82aa57dc20836dc
                                                                      • Instruction ID: 91e8db8feb2613353fec5b79d4703555004e45118d027bab58d0ed2997320463
                                                                      • Opcode Fuzzy Hash: 10a5d9d8f31f58b10db24da53249dc72c88e4a20056c096ae82aa57dc20836dc
                                                                      • Instruction Fuzzy Hash: 6D212571500200DFCB05DF14D9C4B2ABFA5FB94314F20C5ADE9090B25AC336D956E6A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B5D2F0 Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685296209.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b5d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12db482e1332f8fab0520577651e9695958f60ef031060a75fb2ee9ba392411b
                                                                      • Instruction ID: 957c5803f65e32b77e2606dce61aa8712b4b8e1c6963a433cc5aa7be2200c745
                                                                      • Opcode Fuzzy Hash: 12db482e1332f8fab0520577651e9695958f60ef031060a75fb2ee9ba392411b
                                                                      • Instruction Fuzzy Hash: C32104B1604204DFDB24DF14D9C4B26BBA5FB84315F20C6EDDC494B356C37AD84ACA66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B5D01C Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685296209.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b5d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a9fed8e8f8cb9dbe44188333cf4b0bf1285276784c1244afdda5b7ac67cd012
                                                                      • Instruction ID: ab4bae8f6aad8ebf4149c16612ffd31734f5ac221c7d905a42c6a5475655bc8c
                                                                      • Opcode Fuzzy Hash: 4a9fed8e8f8cb9dbe44188333cf4b0bf1285276784c1244afdda5b7ac67cd012
                                                                      • Instruction Fuzzy Hash: C721F271604240DFDB24DF14D9D4B26BBA5EB88315F28C6EDDD0A4B296C33AD84BCA61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD1B1 Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47bcd1a7639bc6ca6b5564f99d979fc24ed1389da1b9a82621ef06c453d1a2b4
                                                                      • Instruction ID: 78887f2da45fd06bf82e55b3f2ab80c5b26e16af0a638baabe7a63ebc28087ca
                                                                      • Opcode Fuzzy Hash: 47bcd1a7639bc6ca6b5564f99d979fc24ed1389da1b9a82621ef06c453d1a2b4
                                                                      • Instruction Fuzzy Hash: 68216270D05349AFD780DFA9DC05AEEBFF5AF44200F0585AAE414E7252E7749605CBE2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB5B7E Relevance: .1, Instructions: 69COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5c7757c0f2d9b5a764c477f8078691d55667444763713a0cf8c267d86f04a378
                                                                      • Instruction ID: 1363575eaf485787fc7661d0af8c0ee0ae993637442ad84292aaaf8190b406fd
                                                                      • Opcode Fuzzy Hash: 5c7757c0f2d9b5a764c477f8078691d55667444763713a0cf8c267d86f04a378
                                                                      • Instruction Fuzzy Hash: 4831C0B4D012189FDB60DFAAC989BCEBFF5EB08714F248459E404BB250C7B95885CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3C0C Relevance: .1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aba5ebe7002c9d6436447f3b24460cf23866d2877e137e2f6e4c7f71ee56145a
                                                                      • Instruction ID: b13af3cb880ee50ce42bc700e4e7e20a2dd85628568535e6b2889512877eae6f
                                                                      • Opcode Fuzzy Hash: aba5ebe7002c9d6436447f3b24460cf23866d2877e137e2f6e4c7f71ee56145a
                                                                      • Instruction Fuzzy Hash: E631CEB4D01218DFDB60DFAAC989BDEBFF5AB08314F249459E404BB250C7B95885CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6B14 Relevance: .1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abbb131a20323a83eaf9d9c94922c6faef42eb1677287459550a9350f1278da5
                                                                      • Instruction ID: e36786b2cbb30e1432b3aa19a27ecfa104555ef9a1fd9830941a4adfaeb48bee
                                                                      • Opcode Fuzzy Hash: abbb131a20323a83eaf9d9c94922c6faef42eb1677287459550a9350f1278da5
                                                                      • Instruction Fuzzy Hash: 2C11E762A18384AFCB41DB75CC15AAE7BF5EB51600F2444E9E805C7342ED35DD058361
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB8968 Relevance: .1, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1942c038a5246fc2cc22b3fb2c32f2049320b3935ebced751c6377acf016df38
                                                                      • Instruction ID: 34742820d64a41b0c433bea7c371148d6cb0edb154af4c9799f1edcc0651ec36
                                                                      • Opcode Fuzzy Hash: 1942c038a5246fc2cc22b3fb2c32f2049320b3935ebced751c6377acf016df38
                                                                      • Instruction Fuzzy Hash: 0011E931F44344EFEF555A07CC09BA57A6FEBC2F81F195066E1215F1D5C632D840C642
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBCC22 Relevance: .1, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 76fc35391e24176d7e0d142caa370b484501d72e21adf103729e85659b51e51a
                                                                      • Instruction ID: f3847fa35a49f6fecb02696af9d9b5e878e0a916531e6ef55963ac693ec3693a
                                                                      • Opcode Fuzzy Hash: 76fc35391e24176d7e0d142caa370b484501d72e21adf103729e85659b51e51a
                                                                      • Instruction Fuzzy Hash: 44118B75E052189FD748CF6AC4448EEBFBAEF8D311F04D069E415AB251DB35A941CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB35F8 Relevance: .1, Instructions: 62COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7599fa5d3055ca6dec2e657dfe91be188afdf5941a8328779e1946aadc707492
                                                                      • Instruction ID: e1fb2ea2d0b3645efdfe27bbee376f7b46e9fbe9fec27372e2a4de4144f4bf96
                                                                      • Opcode Fuzzy Hash: 7599fa5d3055ca6dec2e657dfe91be188afdf5941a8328779e1946aadc707492
                                                                      • Instruction Fuzzy Hash: 69219FB4A10908DFD744CF5AE084999BFF1FF88310F5280D8E8489B2A6DB719991CF01
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B5D005 Relevance: .1, Instructions: 60COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685296209.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b5d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 176584610317ad6545de6b627560e21ec37d87d73e5ac63d62231f7b3100ae79
                                                                      • Instruction ID: 52b9f7c6176e5b6cf69eceedbaf4f907d5d33778947c9c8f10861deca231ac0f
                                                                      • Opcode Fuzzy Hash: 176584610317ad6545de6b627560e21ec37d87d73e5ac63d62231f7b3100ae79
                                                                      • Instruction Fuzzy Hash: 272165755093C08FDB16CF24D594715BF71EB45314F28C6DAD8498B697C33A980ACB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB59CA Relevance: .1, Instructions: 60COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 55ed71cecd79d3820da53f5ca457e0bbc678fbcee9ab9a7582299fa52d0dc3c0
                                                                      • Instruction ID: 3e3e16db97ff741ab0a114b8a5cd04ce637b71f38c8f7509e7db35ef47bba652
                                                                      • Opcode Fuzzy Hash: 55ed71cecd79d3820da53f5ca457e0bbc678fbcee9ab9a7582299fa52d0dc3c0
                                                                      • Instruction Fuzzy Hash: C81186B2F006155B9B64EE7A9C445FFBBFAEBC4660B154929E429E7340DF3099014760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBC1F9 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fbb7e149ea62af0f6d15ae20b695723e4d40d98fa1375c8ae907066fe9b543eb
                                                                      • Instruction ID: 6af9f5b2d479d254b4b8f5e1e2f1bd05d86fe9d8608e41c9b0a8e53f349921b0
                                                                      • Opcode Fuzzy Hash: fbb7e149ea62af0f6d15ae20b695723e4d40d98fa1375c8ae907066fe9b543eb
                                                                      • Instruction Fuzzy Hash: 0F21F4B1D056588BEB58CFABC8043EEBFF6AFC9300F14D06AD408B6295DB7509458FA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBCF0 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3083025c99df84c796084f855c063874da713d3794edf5e6a510ecaa3abb4ec1
                                                                      • Instruction ID: 802d2f9797eac4bf9b8b2af782945697862ec5c3fd1adc69851c9e21a9cf04a7
                                                                      • Opcode Fuzzy Hash: 3083025c99df84c796084f855c063874da713d3794edf5e6a510ecaa3abb4ec1
                                                                      • Instruction Fuzzy Hash: D521C7B4E09209DFDB80CFAAD1819EEBBF6AB4C300F60A0559819A7351DB749E40CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBD99 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b85869c3947f1667e07f88c00c7c0fe42dc3cf170cc56a9abe56385a950d60ad
                                                                      • Instruction ID: bb13a74c25fd445078034d0f221f3b0e42326945bdde5296bbb6f9385eee02fd
                                                                      • Opcode Fuzzy Hash: b85869c3947f1667e07f88c00c7c0fe42dc3cf170cc56a9abe56385a950d60ad
                                                                      • Instruction Fuzzy Hash: 69112874D09208EFDB84DFAAD4859EEBBFAEF49300F11A5D5D40897256DB70AA41CF80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D067 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                      • Instruction ID: 99e1490b0855bf150f59a974947bf6f595533b11ea97717507c0fa8202a52e17
                                                                      • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                      • Instruction Fuzzy Hash: C821DF76504280DFCB06CF00D9C4B16BFB2FB98314F24C2A9DD491B256C33AD926DB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6B50 Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4de90bb4f09d1870da7a0a5fbb1b59ff47a33299d8b6d9fc9d99531eda2cf675
                                                                      • Instruction ID: 5e76e46dd65920a0fc3d3a6c7b32f0b1cc3fd79c924337b12019a3c748759cd6
                                                                      • Opcode Fuzzy Hash: 4de90bb4f09d1870da7a0a5fbb1b59ff47a33299d8b6d9fc9d99531eda2cf675
                                                                      • Instruction Fuzzy Hash: 6721D0B5D00249DFCB20DF9AD884ADEBFF4FB48320F10842AE959A7211C375A954CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D5C3 Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                      • Instruction ID: fd83f3477bd17e9894d850ea06fb37c0399606f30a666eabc94b10c078e98788
                                                                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                      • Instruction Fuzzy Hash: 7711B176504240CFCB16CF14D5C4B16BFB2FB94314F24C6A9D8490B256C336D95ADBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB5FDA Relevance: .1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4ed03498d9ab82148e61f99bc42756ab448f6581e01fb946ad7b7e0000c24a07
                                                                      • Instruction ID: 420f123b103d9cb4d95f9a7a4c98f120a82c9a70303aa64b5cf8e8b93f28b258
                                                                      • Opcode Fuzzy Hash: 4ed03498d9ab82148e61f99bc42756ab448f6581e01fb946ad7b7e0000c24a07
                                                                      • Instruction Fuzzy Hash: 9901B132B04204AFD304CB6ED884AABBBF9EFC9674B15806AF408CB350CA308C01C7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B5D2EB Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685296209.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b5d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                      • Instruction ID: 5dc6b70a77b045cac598093537eab135e80c531d76b484e9d97c0751b2758c16
                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                      • Instruction Fuzzy Hash: 6011BB75504280CFDB11CF14D5C4B15BFA2FB84314F24C6EADC494B256C33AD80ACB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBC208 Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fcecbff47ba2fa8404ad61bddbade1777163bd159db6442c3c5394f6efae2240
                                                                      • Instruction ID: 4b833f4f3314dc773e283d28b539cc747e1c589cf59898874df35d464c69f9a8
                                                                      • Opcode Fuzzy Hash: fcecbff47ba2fa8404ad61bddbade1777163bd159db6442c3c5394f6efae2240
                                                                      • Instruction Fuzzy Hash: E911D2B1D006188BEB58CFABD8457DEFEF6AFC8300F04D06AD408B62A4DB7509458FA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD000 Relevance: .1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ac174bf6591373de01777f4bb83f29d3e9263ab32f31c3d49006900cf3b0b0f9
                                                                      • Instruction ID: 93241a1500cecb7a1ec47be92165032af4595b2ba46664156200c4a0fe143f76
                                                                      • Opcode Fuzzy Hash: ac174bf6591373de01777f4bb83f29d3e9263ab32f31c3d49006900cf3b0b0f9
                                                                      • Instruction Fuzzy Hash: 8B01473090E145CFD341CB16C5809F9BFB99F8A344B04B191E4198B15BC7365A0BCBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD078 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c3f09d14b2309a47a1ea692ba69eac5f2c9f5a5f04f6d69ab1eb45c663858da
                                                                      • Instruction ID: f0115748239e5e25d8dfbe702b0cc6a61ba5cacf86b818d8013a0ee0b3cbdaad
                                                                      • Opcode Fuzzy Hash: 9c3f09d14b2309a47a1ea692ba69eac5f2c9f5a5f04f6d69ab1eb45c663858da
                                                                      • Instruction Fuzzy Hash: 6501DE35A08148DFC740CBA9C9859E9BFF6AF8A300B14A1C0E4098B2A6C7319E02DB42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBDA8 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a6c960bab5da6fbe99398c835cb4ebaa911f9e99b0e9b0ce684b4df86f74639
                                                                      • Instruction ID: 7565c1e42f995e401beb2862154940d0e31cef0b96f46446547c1c53ca2cbc9d
                                                                      • Opcode Fuzzy Hash: 9a6c960bab5da6fbe99398c835cb4ebaa911f9e99b0e9b0ce684b4df86f74639
                                                                      • Instruction Fuzzy Hash: 8011B774E09208DFDB84DFAAD5819EDBBFAFF48310F11A5959418A7316DB70AA41CF80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBCC38 Relevance: .0, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e470d505e3bc23538deda475e702ffc75791d3708d230a65fcda041e6bf14500
                                                                      • Instruction ID: 20ad72db4a5df7b21d2d20f167b5d4a35e3089ea84d675c2cf37c4ae285e9cbb
                                                                      • Opcode Fuzzy Hash: e470d505e3bc23538deda475e702ffc75791d3708d230a65fcda041e6bf14500
                                                                      • Instruction Fuzzy Hash: 6D11F775E042089FDB48CFAAD4449EEBFBAAF8D311F04E069E419A7351DB319981CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBAE08 Relevance: .0, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0bc06eaf077abc0aa0dfb945c3534d23924de6abad03299981184e63a915c08b
                                                                      • Instruction ID: 65e6f26c99b61d6a2a2f76aaf39336c0c475d8f19bacfd83b699cd851ca9898d
                                                                      • Opcode Fuzzy Hash: 0bc06eaf077abc0aa0dfb945c3534d23924de6abad03299981184e63a915c08b
                                                                      • Instruction Fuzzy Hash: 5011E274D0921CCFEB91CFA6E994BDCBBB5FB09305F5061A9E00AA2288D77549C4CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBDF21 Relevance: .0, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6465e3d5dda1f5376bf2a018c924e80badfafdc0b830df9dc09aae1c9dee9a11
                                                                      • Instruction ID: 754c290b9be44e26530e5c25c265923bfdfb26fee8d47fca722352246317c8b4
                                                                      • Opcode Fuzzy Hash: 6465e3d5dda1f5376bf2a018c924e80badfafdc0b830df9dc09aae1c9dee9a11
                                                                      • Instruction Fuzzy Hash: B1113974D09249AFCB80DFA8D8459EEBFF5BF49300F14819AE854E7381D7349A40CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D92D Relevance: .0, Instructions: 45COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9cc3141915da1958ed3cc7799a340845af78c170a21c222909756f96a75b89d4
                                                                      • Instruction ID: b64bf1e7753af505a81ca296cbfeae72ffd6b84993931760ebcb9a4a77879433
                                                                      • Opcode Fuzzy Hash: 9cc3141915da1958ed3cc7799a340845af78c170a21c222909756f96a75b89d4
                                                                      • Instruction Fuzzy Hash: 9601D671108340DAE7108F2ACDC476BFFE8EF51324F18C8AAED598A286C679DD40E671
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB39FA Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1415e0cd3dbd6d9d819c3def20214c49778f22dc293bcb0f9f19829f395d9ba3
                                                                      • Instruction ID: 25966d5bf3d2aa38b90182eafb5663807d3389fb5f2be76aa640e1382783e4c6
                                                                      • Opcode Fuzzy Hash: 1415e0cd3dbd6d9d819c3def20214c49778f22dc293bcb0f9f19829f395d9ba3
                                                                      • Instruction Fuzzy Hash: 9701F66246E7E05ED7436B7849744C13FB09E53100B0B50D3C0D0CE0F3E4488A4DD7AA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE692 Relevance: .0, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10fe8b205df8bca7454d9cd4562c7204a06d685cd946f1220cdcad3e9b2c7ebc
                                                                      • Instruction ID: e888a87346bfefcbc73e6706a65dde46100b65efd31fa6916e16180983e5a188
                                                                      • Opcode Fuzzy Hash: 10fe8b205df8bca7454d9cd4562c7204a06d685cd946f1220cdcad3e9b2c7ebc
                                                                      • Instruction Fuzzy Hash: 2101F7B9918204DFD751DBB5E4047E87FBABB4A300F00A121A006D735ADB7096498FD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE6E9 Relevance: .0, Instructions: 42COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fd9566ac01d20144108a266a2ebc07093b28f88439531003bd8bfa7ff671a2d4
                                                                      • Instruction ID: 762a8af38df4204b4e60b8a6665af80a193f3eb4dc8c06825da1783165da2476
                                                                      • Opcode Fuzzy Hash: fd9566ac01d20144108a266a2ebc07093b28f88439531003bd8bfa7ff671a2d4
                                                                      • Instruction Fuzzy Hash: 36113674A05258CFDB50DF68E484AE97FF6FB09300F14A1A9E80987351CB70A881CF42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD088 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0df6c873a36f181a9f42af6e31e50034f4470fff16efbf454b0061e0a4e4f620
                                                                      • Instruction ID: dd478b3f1bf20b8b4a3ca124b95c4099d1e372de72b3fd7a44e170ab036ae512
                                                                      • Opcode Fuzzy Hash: 0df6c873a36f181a9f42af6e31e50034f4470fff16efbf454b0061e0a4e4f620
                                                                      • Instruction Fuzzy Hash: 63014B35A08108DFD744DFA9C585AADBFF9AF48300F25E094A4099B365CB31DE41DB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB5F3C Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 55db2894780cfaed1042240679a77a3b4c31c960e8a79111321099bc58a114ef
                                                                      • Instruction ID: 1b681c2f50fdd4016d0c3f421af2d0f42800bca4a5433d127bfffdd3cd44f557
                                                                      • Opcode Fuzzy Hash: 55db2894780cfaed1042240679a77a3b4c31c960e8a79111321099bc58a114ef
                                                                      • Instruction Fuzzy Hash: EE010871D00219EFEB51CFAAC8483EEBAF5FF48750F148565E424AB2A0D7788A41CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBB421 Relevance: .0, Instructions: 40COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 49f78c0e749ab02a3b0222447819263390702226cc09b827f0c33e793236410c
                                                                      • Instruction ID: f6b640dd4e72f4d9c7b91beec155a1c91d1d1f20d98ce3daf617856c51cbddb6
                                                                      • Opcode Fuzzy Hash: 49f78c0e749ab02a3b0222447819263390702226cc09b827f0c33e793236410c
                                                                      • Instruction Fuzzy Hash: 1A011A74E05208CFEB04DFA5D9856EDBFF6FF49301F24A029E406AB245EB348A40CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB161A Relevance: .0, Instructions: 39COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a73a641440e38d06ee0bcc3c355b7b46535a8d13410956ae8bab6e82a9d64e64
                                                                      • Instruction ID: 872ca44edd1e8f351009924fe5536049f11c7247c655108feef837917388169e
                                                                      • Opcode Fuzzy Hash: a73a641440e38d06ee0bcc3c355b7b46535a8d13410956ae8bab6e82a9d64e64
                                                                      • Instruction Fuzzy Hash: E701D675E00208AFDB04DFA9C985A9DBFF5EF88700F05C198A448AB3A1DB319A40CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD010 Relevance: .0, Instructions: 39COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 372cf42f5936ce8c44b0e783bef3485f61ff66db6817ae6c47f5eb4200a7ed7e
                                                                      • Instruction ID: 58d5883a33f6294fcfd10f6434a312abd039843788a335cc74f48375b80b36d8
                                                                      • Opcode Fuzzy Hash: 372cf42f5936ce8c44b0e783bef3485f61ff66db6817ae6c47f5eb4200a7ed7e
                                                                      • Instruction Fuzzy Hash: CFF03C71909108DFD744DB67D5809EDBFB8AF89380F00B1A5D4095B219D7319A46DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBE31 Relevance: .0, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e811ae41da3ea5b886bf3c14dce6ea2683a00faba8403adcc445cfbdc80f8d81
                                                                      • Instruction ID: 0908b3d342901f0b2c1d874185b01b00f2a27d1bd0cfef91b141cdb98a7103fe
                                                                      • Opcode Fuzzy Hash: e811ae41da3ea5b886bf3c14dce6ea2683a00faba8403adcc445cfbdc80f8d81
                                                                      • Instruction Fuzzy Hash: 8BF06D70D0A308EFDB45CF75D8048EDBFB8EB4A201F0091E9E84593262D7315A50DF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD208 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 17331b6ee7df74187676e2fcd4896f04681195306cf6b980799e337073e67112
                                                                      • Instruction ID: e7a3d7c4925c7958e9b90600eaa5563e18e4ce6604a5d60eda56e4bc2e145d3e
                                                                      • Opcode Fuzzy Hash: 17331b6ee7df74187676e2fcd4896f04681195306cf6b980799e337073e67112
                                                                      • Instruction Fuzzy Hash: 63F04F70D0424AAFDB90DFA9D845AEFBFF5AF48200F008969E504E7241E774D6408FE2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBDF30 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ef9d776e01e94807639b59dc6dca6bef1a106a44e0263aadfa68aef9b35508f
                                                                      • Instruction ID: 61fff15587bd4b98a31ba491092366192b8fe450ef8f05c2577bb809bbb19721
                                                                      • Opcode Fuzzy Hash: 0ef9d776e01e94807639b59dc6dca6bef1a106a44e0263aadfa68aef9b35508f
                                                                      • Instruction Fuzzy Hash: 4D01D774D042499FCB40DFA9D4419AEBFF5BF08301F108196E854E3241D6349A80DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE6A0 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec28ed5432f907b13b7b2cfbd21b3f55b93ab73377e27e113b7043ad8193bb42
                                                                      • Instruction ID: 9b60ac958f3d7ad2767655072b4be8af0bf5a73035f48759dd3c118b26210be5
                                                                      • Opcode Fuzzy Hash: ec28ed5432f907b13b7b2cfbd21b3f55b93ab73377e27e113b7043ad8193bb42
                                                                      • Instruction Fuzzy Hash: 00F081799042089FEB44EBB9D4446EDBFBEBB8A340F00A5249006A6358DB7095458F92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00B4D92C Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1685197350.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_b4d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 641809e3312e0461b0f3c70ce7b5e055da6cd0d25ac609df6e0079036d14eb93
                                                                      • Instruction ID: 2ef0186e72087b2b38c88537e08fc72845dacdaf5d0776efcc96cafda3e2042d
                                                                      • Opcode Fuzzy Hash: 641809e3312e0461b0f3c70ce7b5e055da6cd0d25ac609df6e0079036d14eb93
                                                                      • Instruction Fuzzy Hash: A5F06271504344AAE7108E16C8C4B66FFE8EB51724F18C89AED484A286C2799C44DA71
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBEC24 Relevance: .0, Instructions: 35COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 57bc03797fe8adba3934664e0bab3e91b4ad9c90ef29ae64450b9dd4a6ea4973
                                                                      • Instruction ID: a44eac243e9e292b03a578e6e0a1b92ae31191c76df6e543f4fa7331ba49e9e5
                                                                      • Opcode Fuzzy Hash: 57bc03797fe8adba3934664e0bab3e91b4ad9c90ef29ae64450b9dd4a6ea4973
                                                                      • Instruction Fuzzy Hash: 28014874A04308CFDB50EF64E545AE97BF6BB49340F10A2A5E80987315DB70A984CF42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB1628 Relevance: .0, Instructions: 34COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35120bffdbdcd602d84fdb5ea5b8dc93b9a42be19d6852875c59c6322e27b265
                                                                      • Instruction ID: e0a440d111621f30d9bb7f0134f2a616548be6b2b23c900688c87bf14d071128
                                                                      • Opcode Fuzzy Hash: 35120bffdbdcd602d84fdb5ea5b8dc93b9a42be19d6852875c59c6322e27b265
                                                                      • Instruction Fuzzy Hash: 0801AF74E01208AFDB44DFA9C589A9DFFF2AF88310F05C0A9A8089B365DB319A40DF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBC470 Relevance: .0, Instructions: 34COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 784904dde69b386e0aa7f2b4e773bead563339ea45c815fe221f1e080e325d65
                                                                      • Instruction ID: e712f125d7e5b54553aa6332197e2702381d9e7efaea746fbc0eced514ded218
                                                                      • Opcode Fuzzy Hash: 784904dde69b386e0aa7f2b4e773bead563339ea45c815fe221f1e080e325d65
                                                                      • Instruction Fuzzy Hash: 4E117E78D04269CFDB61CF69C981A9CBFF1BB09201F5091DAE859A3351EB31AD85DF10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB7431 Relevance: .0, Instructions: 34COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dbbe6f16e501d2d4b6ad367715906719f1af38f18a9710f9fcae5cfa0e3d8e80
                                                                      • Instruction ID: 51fa4ee6634d85cdfff35e3251185e39e52197b4d109a7b1b62affb05b71c352
                                                                      • Opcode Fuzzy Hash: dbbe6f16e501d2d4b6ad367715906719f1af38f18a9710f9fcae5cfa0e3d8e80
                                                                      • Instruction Fuzzy Hash: 9BF0FE72A00108BFDF84DB59DC51ADEBBFAEB44254F14C169E409D7261E632E9508794
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB5F48 Relevance: .0, Instructions: 34COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 61f0d4d5500205c599290e1d3b6f5dd7a3572ba8466764b8077d56b00a3210ab
                                                                      • Instruction ID: 6e7cd839185d72123e652d6858b208700c79d7bc9ffacb165b701934ca4512e1
                                                                      • Opcode Fuzzy Hash: 61f0d4d5500205c599290e1d3b6f5dd7a3572ba8466764b8077d56b00a3210ab
                                                                      • Instruction Fuzzy Hash: 1301A871C00219DFDB54DFAAC4447EEBAF5AF48360F149625E824AA2A0D7784A45CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB5FE8 Relevance: .0, Instructions: 32COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0dd52c810c2e897138734543def97e6922a9ee7aeecf733fb748d24c9b01a8ac
                                                                      • Instruction ID: cd47c6d23e0b7adab245de9ebafc4e74f4efa184f014a03d0fc0e956b05b29f8
                                                                      • Opcode Fuzzy Hash: 0dd52c810c2e897138734543def97e6922a9ee7aeecf733fb748d24c9b01a8ac
                                                                      • Instruction Fuzzy Hash: 28E039727041286F93049A6ED884C6BBBEEEBCC664315807AF508C7310DA319D0086A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE917 Relevance: .0, Instructions: 32COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6a0f59e131c7880c34168cc89403227f6c6e427c2a5f8aa0bfa2eab1b3717cf3
                                                                      • Instruction ID: f7b7a9fac705bf39958fda7c9ab9625021064aa31efe2e36cf720356b2dd6fa8
                                                                      • Opcode Fuzzy Hash: 6a0f59e131c7880c34168cc89403227f6c6e427c2a5f8aa0bfa2eab1b3717cf3
                                                                      • Instruction Fuzzy Hash: 3101FB74915308CFDB40EF69E1899EABFF5FF48340B15A469E40A9B355DB30D980CB84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD218 Relevance: .0, Instructions: 29COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5af763a2c21ad914a8bd1c31e46685dcd1aab75ab5f9b71be7ca5d1bc7ca28f8
                                                                      • Instruction ID: 223ffbbeadd34182298d64be28e8a2e75a5a9cd3c0e47d8135d04d8aa54deafe
                                                                      • Opcode Fuzzy Hash: 5af763a2c21ad914a8bd1c31e46685dcd1aab75ab5f9b71be7ca5d1bc7ca28f8
                                                                      • Instruction Fuzzy Hash: 8FF0DAB0D0420A9FDB84DFA9D841ABEBBF5AF48204F1085A9D918E7340D775D5418BD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBBE40 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 74b426c07c01ed2a107f63096e62196ca019e2b0c67a71894257959c319de73f
                                                                      • Instruction ID: af9042d5b283df54d6b80d03739075ed0e0aa90012debf24f2c768db3c9c2722
                                                                      • Opcode Fuzzy Hash: 74b426c07c01ed2a107f63096e62196ca019e2b0c67a71894257959c319de73f
                                                                      • Instruction Fuzzy Hash: 5EF01C74D09208EFDB40DFA5D4055ACBFB4FB09301F0090A9E81993360DB315A90DF80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBCCE1 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7e1b12f31142f9bf33199229eff71f966982b6cc0c1ba8d9cd289c22cad705c1
                                                                      • Instruction ID: 63a712633150193e1588c8686e3ac3840c1f1ee8d8ca592f264922b2946f25b9
                                                                      • Opcode Fuzzy Hash: 7e1b12f31142f9bf33199229eff71f966982b6cc0c1ba8d9cd289c22cad705c1
                                                                      • Instruction Fuzzy Hash: 7BF0ED72619204CFC3469FA4E0164EC7F35EF8E322B043065E10A9B382CB329981CF20
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBCDB9 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5171937f601349c9c958c21d7f5849e029d9f5cc18a0fbae264f9928b86996fc
                                                                      • Instruction ID: 98ecdb4e154384177553609cbac94e78beed5a62ca5443723255fc266e4ad33d
                                                                      • Opcode Fuzzy Hash: 5171937f601349c9c958c21d7f5849e029d9f5cc18a0fbae264f9928b86996fc
                                                                      • Instruction Fuzzy Hash: 7EF0D435A08208DFD745CFA9D0908EDBFB6EF4E321B14A094E409AB261C735E885CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE621 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 564a93eb7f6bb087d537d3642fdf952e1116af97d9ff65c49aff6f73caac8b1b
                                                                      • Instruction ID: 13dbef887dbf8332ac3f956afac2aa0e0405a99dd7bda0e91f671c6199ceabf4
                                                                      • Opcode Fuzzy Hash: 564a93eb7f6bb087d537d3642fdf952e1116af97d9ff65c49aff6f73caac8b1b
                                                                      • Instruction Fuzzy Hash: 46E0C23081A348AFC786CB71A8146DA3FB9CB03211F1510DAE050CA291DB765B44CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBA8A8 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ed699f76b933708fa5c626dc439685be17ba2fa7b3ace28d7beb2d57c036c2a6
                                                                      • Instruction ID: f2f8814fd51a6a2bfd775081b7d54129431f820232820557022d6d908e5fc270
                                                                      • Opcode Fuzzy Hash: ed699f76b933708fa5c626dc439685be17ba2fa7b3ace28d7beb2d57c036c2a6
                                                                      • Instruction Fuzzy Hash: AED05E3005A6485FE3461371AC0D2A67FA8DB47102F450092F84985492AFB55A85CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB0CF7 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 49c14079e2f8c621a40063d2fba94944aa785e06aa8990e3d2fd208d9707d9b7
                                                                      • Instruction ID: a488f6b12d0d051d562afa6584482b741a91678ceaf6a3560940a7c1f567a7e9
                                                                      • Opcode Fuzzy Hash: 49c14079e2f8c621a40063d2fba94944aa785e06aa8990e3d2fd208d9707d9b7
                                                                      • Instruction Fuzzy Hash: 5EE06D38A152188FDB50CF48D58088DBBB1FF48350F15E090E405AB229CB30FD80CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB063C Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8e52814bb1bc8591f14fdf26517ea7f088845c0bc985a936ecf27bdebf62ea52
                                                                      • Instruction ID: 8358ae526b6cadc40a654da9ceec88c68251c8e33099c698da7d4b5a3e341df2
                                                                      • Opcode Fuzzy Hash: 8e52814bb1bc8591f14fdf26517ea7f088845c0bc985a936ecf27bdebf62ea52
                                                                      • Instruction Fuzzy Hash: C5E04671626344DFC758CFA1C08189ABF72FF49381B202199E402AA6B4CB36D882CE54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD1C0 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 214094e7418ddee45bf0d5d4f447244666b1dd70e7e00903f1413535ba7200ee
                                                                      • Instruction ID: 4b788e699352650b4ef0ad97ccc429c56bd180cb5e60e566a28e8597016bef9f
                                                                      • Opcode Fuzzy Hash: 214094e7418ddee45bf0d5d4f447244666b1dd70e7e00903f1413535ba7200ee
                                                                      • Instruction Fuzzy Hash: F2E0B6B1D44209DFE780EFBAC905A9EBBF0BF08200F1585A9D019E7211EBB496048F91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBC88A Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 97379ad0f00a51d319445765d8b491e525803161dec3c295ac09f6cf77503e9c
                                                                      • Instruction ID: 0ebcd97a4d5348aacaddec6d6717273f717a529a49980ed8ebf13f6657c89a3b
                                                                      • Opcode Fuzzy Hash: 97379ad0f00a51d319445765d8b491e525803161dec3c295ac09f6cf77503e9c
                                                                      • Instruction Fuzzy Hash: 7AE0C237604108CFD750DB40E4409E8BB39FF4A212F009092E10E93251CB329884CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBCD4A Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4352709ba06f8ebafc578220ece87d12a58678f2640d2951a0be044748de7ff
                                                                      • Instruction ID: 7576f364ce13d8c5361eb678e3b29fcd718e7cf4cef8556affada9e01ab73a46
                                                                      • Opcode Fuzzy Hash: f4352709ba06f8ebafc578220ece87d12a58678f2640d2951a0be044748de7ff
                                                                      • Instruction Fuzzy Hash: E0E0C2B5508204DFE7858F92C0094BE3F79EF9A302750A1D0F51A9E212CB31C442CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB05C4 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a354d1467818e23bc311c57df82cb8673aca49f96e4abfd7bbdc03939c92650
                                                                      • Instruction ID: 34d1e7bd706b04f169b0425ba626692158d94dcffd8a5b2aa9408e0009149308
                                                                      • Opcode Fuzzy Hash: 7a354d1467818e23bc311c57df82cb8673aca49f96e4abfd7bbdc03939c92650
                                                                      • Instruction Fuzzy Hash: 70E08C70522314DFCB54DFA1C485589BF70FF44381B1020A5E8169F2A8CB368982CF60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBE630 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9b8c4fcfa7f80b28325f237f6936efb22e2fab17c3fd87b2a6c1466ce5b718f4
                                                                      • Instruction ID: 711603d04e83b71a690a9bfa9854140dc1bf9458148496748a3ea624d6134d63
                                                                      • Opcode Fuzzy Hash: 9b8c4fcfa7f80b28325f237f6936efb22e2fab17c3fd87b2a6c1466ce5b718f4
                                                                      • Instruction Fuzzy Hash: 29D0A93081220CDBC788DAB6E8016997B39DB02244F0020ACE40402280CB334A80CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBD2B8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8c30fe55e589d74c79b15c9cbbedcf2d6f48396cdee27f891e0b600b4f1e989
                                                                      • Instruction ID: a9a26135780f81cadce461be8294f20078f456c4edc9b94712a30276ced09e68
                                                                      • Opcode Fuzzy Hash: f8c30fe55e589d74c79b15c9cbbedcf2d6f48396cdee27f891e0b600b4f1e989
                                                                      • Instruction Fuzzy Hash: 00D012361141085F5B81EE96EC40C967BDCBB18740744C432F604C7420E621E424D751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBA8B8 Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 638e39511b5dc53db742fe1f807e5cdd839ecd37a55a73294915f7ac8db21935
                                                                      • Instruction ID: 71ed5561c69e182fa41eb76d4b5f6c1cfbf6301e9f5f301df22c8dcda013399c
                                                                      • Opcode Fuzzy Hash: 638e39511b5dc53db742fe1f807e5cdd839ecd37a55a73294915f7ac8db21935
                                                                      • Instruction Fuzzy Hash: 75C02B3004560C87D25537F5F40E3687F689F05312F045010F90D40890CFB281C0CFD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6B04 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8ce132c6840be0350ec140decabc9e5125ebd11d165d601dfd175fb2b6ae946b
                                                                      • Instruction ID: 06d9529f3696c6f56447286e5eb9d251fe5e7a2544c0cde0990fdad4c00b220c
                                                                      • Opcode Fuzzy Hash: 8ce132c6840be0350ec140decabc9e5125ebd11d165d601dfd175fb2b6ae946b
                                                                      • Instruction Fuzzy Hash: A2B0122A1D4541F7598033694E9086AED20FBF1701B70FC253306A0054C532C464D277
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 06FBEEF0 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: WkN
                                                                      • API String ID: 0-3468331921
                                                                      • Opcode ID: ab4dcadfd6f6c3c9d2b52aee5e60195aff6bb193f84fc97738c8577cf6eca590
                                                                      • Instruction ID: 676564ab08bceb2e9bdc1a44d7d8f3ff0ce9b0eb2b9c6d5a5a80612875cd9d3e
                                                                      • Opcode Fuzzy Hash: ab4dcadfd6f6c3c9d2b52aee5e60195aff6bb193f84fc97738c8577cf6eca590
                                                                      • Instruction Fuzzy Hash: 70E10D74E052198FCB14DFA9C9809AEFBF2BF49304F249169D814AB35AD731AD41CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBF338 Relevance: .3, Instructions: 312COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af65f22f99e209eb8beda2fed6e01b10626757b6d2c1244c727d381743112228
                                                                      • Instruction ID: a83f3b99782b0e6abe81d2c26462c08b951cea855b929c788abcd337f772a0bf
                                                                      • Opcode Fuzzy Hash: af65f22f99e209eb8beda2fed6e01b10626757b6d2c1244c727d381743112228
                                                                      • Instruction Fuzzy Hash: 95E10CB4E052198FCB14DFA9C9909AEFBF2FF49304F249169D814AB359D730A941CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB654F Relevance: .3, Instructions: 272COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0eb6adb330bc85e5f5cd5a882569cc9090418fa69ccd177a722df39367ce4973
                                                                      • Instruction ID: 994fca318bba66555e6099388a0cb339a1e9fe1f26fb124603ebc8cff77c102d
                                                                      • Opcode Fuzzy Hash: 0eb6adb330bc85e5f5cd5a882569cc9090418fa69ccd177a722df39367ce4973
                                                                      • Instruction Fuzzy Hash: 4DD1E83182075ACADB11EB64D994B9DF7B1FF95300F1097AAE0093B215EB70AAC5CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB6560 Relevance: .3, Instructions: 264COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0a9f631a151809595c37cc434083ec9ba09cf87d3ea966d5ee422acda9fdf318
                                                                      • Instruction ID: d0d23b0cdf24367d915f29599ab46716d5aa74a06bdf177619e58a9ba52153e2
                                                                      • Opcode Fuzzy Hash: 0a9f631a151809595c37cc434083ec9ba09cf87d3ea966d5ee422acda9fdf318
                                                                      • Instruction Fuzzy Hash: 8BD1E631C2075ACADB11EB64D994A9DF7B1FF95300F1097AAE0093B215EB70AAC5CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB1DE0 Relevance: .2, Instructions: 184COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ae2894ed7e9b91fd0b67a7c780071eee66e18057f612238a00ad482590687660
                                                                      • Instruction ID: 65bc9029b19031f360ecf24b9bcf6e2383e1eb6d75895b8aff3b5b08a627913f
                                                                      • Opcode Fuzzy Hash: ae2894ed7e9b91fd0b67a7c780071eee66e18057f612238a00ad482590687660
                                                                      • Instruction Fuzzy Hash: 4A81C274E10219CFCB44CF9AD59499EFBF2FF88250F14A55AD415AB720D334AA42CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB1DD0 Relevance: .2, Instructions: 180COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f1a1c6de25eaba3cdc516c6a161f74424a76fa8e114b4bd14055725ad1424b2c
                                                                      • Instruction ID: 2c6932c80e7c0cc70296b1166fe1fb708d5b56f82a7559ba64f9cd9525750796
                                                                      • Opcode Fuzzy Hash: f1a1c6de25eaba3cdc516c6a161f74424a76fa8e114b4bd14055725ad1424b2c
                                                                      • Instruction Fuzzy Hash: 9E81D475E11219CFCB44CFAAD59499EFBF2FF88210F14A56AD415AB720D330AA42CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3240 Relevance: .2, Instructions: 157COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cd0cc0ee4a11f6db84926e96ea06de406a78e71eacbb7fad064effcbdd02d2ca
                                                                      • Instruction ID: 3fbfedccfaa28b9bc0df92f9c7d5ed5361dd8370d093f3d0501ca61bd2c264fa
                                                                      • Opcode Fuzzy Hash: cd0cc0ee4a11f6db84926e96ea06de406a78e71eacbb7fad064effcbdd02d2ca
                                                                      • Instruction Fuzzy Hash: B4612776955A0AEFE780CF96E5C529DBFB1FB88310F20E48DC085871C9DB7182A1CB49
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB2C98 Relevance: .2, Instructions: 153COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d25854b4a2e509a1f5c76f5db33514134263fc2862991a8d5b047fc37d44e0f0
                                                                      • Instruction ID: c686771740c0d3d9e53f44caf8127ce3c3cd19a49ab3cd7b6ae9fc273cc21ad3
                                                                      • Opcode Fuzzy Hash: d25854b4a2e509a1f5c76f5db33514134263fc2862991a8d5b047fc37d44e0f0
                                                                      • Instruction Fuzzy Hash: 346105B1E0420ADFDB44DFAAD9815EEFBB2BF49310F14941AD425B7240D734AA41CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB2C88 Relevance: .2, Instructions: 151COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ac7b983fd57b555068ddcb94f8957437d9f4a41305a3ef6874e54acb5582d939
                                                                      • Instruction ID: 6060e5770798ef96c53df06422a05f05553392487e38c9a59f520beca7d0ef03
                                                                      • Opcode Fuzzy Hash: ac7b983fd57b555068ddcb94f8957437d9f4a41305a3ef6874e54acb5582d939
                                                                      • Instruction Fuzzy Hash: 115117B1E0420A9FDB44DFAAD9815EEFBB2FF88310F14D46AD415A7240D734AA42CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB326C Relevance: .1, Instructions: 144COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 87dfb265f0ee95b278ab9663bbe17e1327a8eac7098473bd875445a4a7e2e7d2
                                                                      • Instruction ID: 4181049c439497c5309a97be883b808d0f9ed0829d70e43263f98902d278c277
                                                                      • Opcode Fuzzy Hash: 87dfb265f0ee95b278ab9663bbe17e1327a8eac7098473bd875445a4a7e2e7d2
                                                                      • Instruction Fuzzy Hash: 9251297656160AEFE784CF96E5C529CBFB2FB88300B20E48DC085971C8DF7182A0CB49
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FBF328 Relevance: .1, Instructions: 139COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2b949e33c28875e03042dd3912e5a9ef2a89c6f2c0fc8991cd4d4553038d3c4c
                                                                      • Instruction ID: 247a6b8d19ee8d06c6146ac516f7170927e3af11e67fb394697a878bfce84d82
                                                                      • Opcode Fuzzy Hash: 2b949e33c28875e03042dd3912e5a9ef2a89c6f2c0fc8991cd4d4553038d3c4c
                                                                      • Instruction Fuzzy Hash: B8514D74E052198FDB14DFAAC9409EEFBF2BF89304F24916AD418A7316DB319941CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB3008 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dc143150a9a8c65f62603a26bc5e8edf0391b81bf6159f58fe5071628b6d5a4c
                                                                      • Instruction ID: d8a623472fb7e4160675dec6f755c0adbac2f40026c39795b7ee144a800f66d8
                                                                      • Opcode Fuzzy Hash: dc143150a9a8c65f62603a26bc5e8edf0391b81bf6159f58fe5071628b6d5a4c
                                                                      • Instruction Fuzzy Hash: B941F7B1D0121ADFDB48CFAAC8815EEFBF6BF88340F14E12AC415A7244D7349A418F94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB2FF8 Relevance: .1, Instructions: 98COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e7876a31ebe66a126dc0ecaa8eb15083c3fddb2697e7d49ac8ebae6f44dacecd
                                                                      • Instruction ID: 8ade8d8ccbfc72736e4b229d8d863104bfcca4364e11922d1d6ab2786e2f8d7e
                                                                      • Opcode Fuzzy Hash: e7876a31ebe66a126dc0ecaa8eb15083c3fddb2697e7d49ac8ebae6f44dacecd
                                                                      • Instruction Fuzzy Hash: 7D4117B1E0560A9FDB48CFAAC8405EEFBB2BF89340F14E06AD415A7255D7349A41CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06FB8360 Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1690196764.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6fb0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: T+-q$[V~*$[V~*$]\`
                                                                      • API String ID: 0-1849991408
                                                                      • Opcode ID: 97fd2be0b9281eebe3498596fbf37fd17e9974ad897809dd1bde0cc2699765c7
                                                                      • Instruction ID: e11d557036f76717e43e564c8f53413f30f62a6e98678c3ec15d1844e844b1a5
                                                                      • Opcode Fuzzy Hash: 97fd2be0b9281eebe3498596fbf37fd17e9974ad897809dd1bde0cc2699765c7
                                                                      • Instruction Fuzzy Hash: 1041B576D05526CFCB80DBAAC8512FDBBF9FB89290F089126E475E7280D339D9418BD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:11.1%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:175
                                                                      Total number of Limit Nodes:18
                                                                      execution_graph 37499 10e0848 37501 10e084e 37499->37501 37500 10e091b 37501->37500 37505 10e1382 37501->37505 37509 6ac1cf0 37501->37509 37513 6ac1d00 37501->37513 37507 10e1396 37505->37507 37506 10e1484 37506->37501 37507->37506 37517 10e7eb0 37507->37517 37510 6ac1d0f 37509->37510 37530 6ac14d4 37510->37530 37514 6ac1d0f 37513->37514 37515 6ac14d4 4 API calls 37514->37515 37516 6ac1d30 37515->37516 37516->37501 37518 10e7eba 37517->37518 37519 10e7ed4 37518->37519 37522 6adf9e8 37518->37522 37526 6adf9f8 37518->37526 37519->37507 37523 6adfa0d 37522->37523 37524 6adfc1e 37523->37524 37525 6adfc39 GlobalMemoryStatusEx 37523->37525 37524->37519 37525->37523 37528 6adfa0d 37526->37528 37527 6adfc1e 37527->37519 37528->37527 37529 6adfc39 GlobalMemoryStatusEx 37528->37529 37529->37528 37531 6ac14df 37530->37531 37534 6ac2c34 37531->37534 37533 6ac36b6 37533->37533 37535 6ac2c3f 37534->37535 37536 6ac3ddc 37535->37536 37539 6ac5a5e 37535->37539 37543 6ac5a60 37535->37543 37536->37533 37540 6ac5a81 37539->37540 37541 6ac5aa5 37540->37541 37547 6ac5c10 37540->37547 37541->37536 37545 6ac5a81 37543->37545 37544 6ac5aa5 37544->37536 37545->37544 37546 6ac5c10 4 API calls 37545->37546 37546->37544 37548 6ac5c1d 37547->37548 37549 6ac5c56 37548->37549 37551 6ac495c 37548->37551 37549->37541 37552 6ac4967 37551->37552 37554 6ac5cc8 37552->37554 37555 6ac4990 37552->37555 37554->37554 37556 6ac499b 37555->37556 37562 6ac49a0 37556->37562 37558 6ac5d37 37566 6acaf60 37558->37566 37575 6acaf48 37558->37575 37559 6ac5d71 37559->37554 37563 6ac49ab 37562->37563 37564 6ac6ed8 37563->37564 37565 6ac5a60 4 API calls 37563->37565 37564->37558 37565->37564 37568 6acaf91 37566->37568 37569 6acb091 37566->37569 37567 6acaf9d 37567->37559 37568->37567 37583 6acb1d8 37568->37583 37587 6acb1d6 37568->37587 37569->37559 37570 6acafdd 37591 6acc4d8 37570->37591 37600 6acc4c9 37570->37600 37577 6acaf61 37575->37577 37576 6acaf9d 37576->37559 37577->37576 37581 6acb1d8 3 API calls 37577->37581 37582 6acb1d6 3 API calls 37577->37582 37578 6acafdd 37579 6acc4d8 2 API calls 37578->37579 37580 6acc4c9 2 API calls 37578->37580 37579->37576 37580->37576 37581->37578 37582->37578 37609 6acb228 37583->37609 37618 6acb218 37583->37618 37584 6acb1e2 37584->37570 37588 6acb1e2 37587->37588 37589 6acb228 2 API calls 37587->37589 37590 6acb218 2 API calls 37587->37590 37588->37570 37589->37588 37590->37588 37592 6acc503 37591->37592 37627 6acca30 37592->37627 37632 6acca40 37592->37632 37593 6acc586 37594 6acc5b2 37593->37594 37595 6aca17c GetModuleHandleW 37593->37595 37594->37594 37596 6acc5f6 37595->37596 37599 6acd7c5 CreateWindowExW 37596->37599 37599->37594 37601 6acc4d8 37600->37601 37606 6acca30 GetModuleHandleW 37601->37606 37607 6acca40 GetModuleHandleW 37601->37607 37602 6acc586 37605 6acc5b2 37602->37605 37637 6aca17c 37602->37637 37606->37602 37607->37602 37610 6acb239 37609->37610 37613 6acb25c 37609->37613 37611 6aca17c GetModuleHandleW 37610->37611 37612 6acb244 37611->37612 37612->37613 37617 6acb4bd GetModuleHandleW 37612->37617 37613->37584 37614 6acb254 37614->37613 37615 6acb460 GetModuleHandleW 37614->37615 37616 6acb48d 37615->37616 37616->37584 37617->37614 37619 6acb214 37618->37619 37619->37618 37620 6aca17c GetModuleHandleW 37619->37620 37622 6acb25c 37619->37622 37621 6acb244 37620->37621 37621->37622 37626 6acb4bd GetModuleHandleW 37621->37626 37622->37584 37623 6acb254 37623->37622 37624 6acb460 GetModuleHandleW 37623->37624 37625 6acb48d 37624->37625 37625->37584 37626->37623 37628 6acca40 37627->37628 37629 6accaee 37628->37629 37630 6accfb8 GetModuleHandleW 37628->37630 37631 6accf87 GetModuleHandleW 37628->37631 37630->37629 37631->37629 37633 6acca6d 37632->37633 37634 6accaee 37633->37634 37635 6accfb8 GetModuleHandleW 37633->37635 37636 6accf87 GetModuleHandleW 37633->37636 37635->37634 37636->37634 37638 6acb418 GetModuleHandleW 37637->37638 37640 6acb48d 37638->37640 37641 6acd7c5 37640->37641 37642 6acd7c9 37641->37642 37643 6acd7fd CreateWindowExW 37641->37643 37642->37605 37645 6acd934 37643->37645 37646 6acb680 37647 6acb6c8 LoadLibraryExW 37646->37647 37648 6acb6c2 37646->37648 37649 6acb6f9 37647->37649 37648->37647 37713 6ac3050 DuplicateHandle 37714 6ac30e6 37713->37714 37650 109d044 37651 109d05c 37650->37651 37652 109d0b6 37651->37652 37657 6acd9c8 37651->37657 37661 6acd9b7 37651->37661 37665 6accc44 37651->37665 37674 6ace718 37651->37674 37658 6acd9ee 37657->37658 37659 6accc44 CallWindowProcW 37658->37659 37660 6acda0f 37659->37660 37660->37652 37662 6acd9c5 37661->37662 37663 6accc44 CallWindowProcW 37662->37663 37664 6acda0f 37663->37664 37664->37652 37666 6accc4f 37665->37666 37667 6ace789 37666->37667 37669 6ace779 37666->37669 37699 6accd6c 37667->37699 37683 6ace97c 37669->37683 37689 6ace8b0 37669->37689 37694 6ace8a0 37669->37694 37670 6ace787 37670->37670 37676 6ace728 37674->37676 37675 6ace789 37677 6accd6c CallWindowProcW 37675->37677 37676->37675 37678 6ace779 37676->37678 37679 6ace787 37677->37679 37680 6ace97c CallWindowProcW 37678->37680 37681 6ace8a0 CallWindowProcW 37678->37681 37682 6ace8b0 CallWindowProcW 37678->37682 37679->37679 37680->37679 37681->37679 37682->37679 37684 6ace93a 37683->37684 37685 6ace98a 37683->37685 37703 6ace968 37684->37703 37706 6ace958 37684->37706 37686 6ace950 37686->37670 37691 6ace8b2 37689->37691 37690 6ace950 37690->37670 37692 6ace968 CallWindowProcW 37691->37692 37693 6ace958 CallWindowProcW 37691->37693 37692->37690 37693->37690 37696 6ace8ae 37694->37696 37695 6ace950 37695->37670 37697 6ace968 CallWindowProcW 37696->37697 37698 6ace958 CallWindowProcW 37696->37698 37697->37695 37698->37695 37700 6accd77 37699->37700 37701 6acfe6a CallWindowProcW 37700->37701 37702 6acfe19 37700->37702 37701->37702 37702->37670 37704 6ace979 37703->37704 37710 6acfda0 37703->37710 37704->37686 37707 6ace968 37706->37707 37708 6ace979 37707->37708 37709 6acfda0 CallWindowProcW 37707->37709 37708->37686 37709->37708 37711 6accd6c CallWindowProcW 37710->37711 37712 6acfdba 37711->37712 37712->37704

                                                                      Executed Functions

                                                                      Function 06AD3028 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 655 6ad3028-6ad3049 656 6ad304b-6ad304e 655->656 657 6ad37ef-6ad37f2 656->657 658 6ad3054-6ad3073 656->658 659 6ad3818-6ad381a 657->659 660 6ad37f4-6ad3813 657->660 668 6ad308c-6ad3096 658->668 669 6ad3075-6ad3078 658->669 661 6ad381c 659->661 662 6ad3821-6ad3824 659->662 660->659 661->662 662->656 665 6ad382a-6ad3833 662->665 672 6ad309c-6ad30ab 668->672 669->668 670 6ad307a-6ad308a 669->670 670->672 781 6ad30ad call 6ad3848 672->781 782 6ad30ad call 6ad3840 672->782 674 6ad30b2-6ad30b7 675 6ad30b9-6ad30bf 674->675 676 6ad30c4-6ad33a1 674->676 675->665 697 6ad33a7-6ad3456 676->697 698 6ad37e1-6ad37ee 676->698 707 6ad347f 697->707 708 6ad3458-6ad347d 697->708 710 6ad3488-6ad349b 707->710 708->710 712 6ad37c8-6ad37d4 710->712 713 6ad34a1-6ad34c3 710->713 712->697 714 6ad37da 712->714 713->712 716 6ad34c9-6ad34d3 713->716 714->698 716->712 717 6ad34d9-6ad34e4 716->717 717->712 718 6ad34ea-6ad35c0 717->718 730 6ad35ce-6ad35fe 718->730 731 6ad35c2-6ad35c4 718->731 735 6ad360c-6ad3618 730->735 736 6ad3600-6ad3602 730->736 731->730 737 6ad3678-6ad367c 735->737 738 6ad361a-6ad361e 735->738 736->735 739 6ad37b9-6ad37c2 737->739 740 6ad3682-6ad36be 737->740 738->737 741 6ad3620-6ad364a 738->741 739->712 739->718 752 6ad36cc-6ad36da 740->752 753 6ad36c0-6ad36c2 740->753 748 6ad364c-6ad364e 741->748 749 6ad3658-6ad3675 741->749 748->749 749->737 755 6ad36dc-6ad36e7 752->755 756 6ad36f1-6ad36fc 752->756 753->752 755->756 759 6ad36e9 755->759 760 6ad36fe-6ad3704 756->760 761 6ad3714-6ad3725 756->761 759->756 762 6ad3708-6ad370a 760->762 763 6ad3706 760->763 765 6ad373d-6ad3749 761->765 766 6ad3727-6ad372d 761->766 762->761 763->761 770 6ad374b-6ad3751 765->770 771 6ad3761-6ad37b2 765->771 767 6ad372f 766->767 768 6ad3731-6ad3733 766->768 767->765 768->765 772 6ad3755-6ad3757 770->772 773 6ad3753 770->773 771->739 772->771 773->771 781->674 782->674
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2392861976
                                                                      • Opcode ID: 802191b75621f139aaf990da8a8236d112895ccea881e56455694c3b3ec49fba
                                                                      • Instruction ID: f0cd369beff3e1bad28cb9ec96785481670d41c41c99a4d2eabbb90944af6bcf
                                                                      • Opcode Fuzzy Hash: 802191b75621f139aaf990da8a8236d112895ccea881e56455694c3b3ec49fba
                                                                      • Instruction Fuzzy Hash: 65322F35E1061ADFCB54EF75C85459DB7B2FF89300F1086AAD44AAB224EB30ED85CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD7D40 Relevance: 3.0, Strings: 2, Instructions: 476COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1324 6ad7d40-6ad7d5e 1325 6ad7d60-6ad7d63 1324->1325 1326 6ad7d65-6ad7d6f 1325->1326 1327 6ad7d70-6ad7d73 1325->1327 1328 6ad7d8a-6ad7d8d 1327->1328 1329 6ad7d75-6ad7d83 1327->1329 1330 6ad7d8f-6ad7dab 1328->1330 1331 6ad7db0-6ad7db3 1328->1331 1338 6ad7d85 1329->1338 1339 6ad7de6-6ad7dfc 1329->1339 1330->1331 1332 6ad7db5-6ad7dcf 1331->1332 1333 6ad7dd4-6ad7dd6 1331->1333 1332->1333 1336 6ad7ddd-6ad7de0 1333->1336 1337 6ad7dd8 1333->1337 1336->1325 1336->1339 1337->1336 1338->1328 1343 6ad8017-6ad8021 1339->1343 1344 6ad7e02-6ad7e0b 1339->1344 1346 6ad7e11-6ad7e2e 1344->1346 1347 6ad8022-6ad8057 1344->1347 1356 6ad8004-6ad8011 1346->1356 1357 6ad7e34-6ad7e5c 1346->1357 1350 6ad8059-6ad805c 1347->1350 1352 6ad807f-6ad8082 1350->1352 1353 6ad805e-6ad807a 1350->1353 1354 6ad812f-6ad8132 1352->1354 1355 6ad8088-6ad8094 1352->1355 1353->1352 1358 6ad8138-6ad8147 1354->1358 1359 6ad8367-6ad8369 1354->1359 1363 6ad809f-6ad80a1 1355->1363 1356->1343 1356->1344 1357->1356 1378 6ad7e62-6ad7e6b 1357->1378 1374 6ad8149-6ad8164 1358->1374 1375 6ad8166-6ad81aa 1358->1375 1361 6ad836b 1359->1361 1362 6ad8370-6ad8373 1359->1362 1361->1362 1362->1350 1365 6ad8379-6ad8382 1362->1365 1366 6ad80b9-6ad80bd 1363->1366 1367 6ad80a3-6ad80a9 1363->1367 1372 6ad80bf-6ad80c9 1366->1372 1373 6ad80cb 1366->1373 1370 6ad80ad-6ad80af 1367->1370 1371 6ad80ab 1367->1371 1370->1366 1371->1366 1377 6ad80d0-6ad80d2 1372->1377 1373->1377 1374->1375 1384 6ad833b-6ad8351 1375->1384 1385 6ad81b0-6ad81c1 1375->1385 1380 6ad80e9-6ad8122 1377->1380 1381 6ad80d4-6ad80d7 1377->1381 1378->1347 1383 6ad7e71-6ad7e8d 1378->1383 1380->1358 1404 6ad8124-6ad812e 1380->1404 1381->1365 1390 6ad7e93-6ad7ebd 1383->1390 1391 6ad7ff2-6ad7ffe 1383->1391 1384->1359 1395 6ad81c7-6ad81e4 1385->1395 1396 6ad8326-6ad8335 1385->1396 1407 6ad7fe8-6ad7fed 1390->1407 1408 6ad7ec3-6ad7eeb 1390->1408 1391->1356 1391->1378 1395->1396 1406 6ad81ea-6ad82e0 call 6ad6568 1395->1406 1396->1384 1396->1385 1457 6ad82ee 1406->1457 1458 6ad82e2-6ad82ec 1406->1458 1407->1391 1408->1407 1415 6ad7ef1-6ad7f1f 1408->1415 1415->1407 1420 6ad7f25-6ad7f2e 1415->1420 1420->1407 1421 6ad7f34-6ad7f66 1420->1421 1429 6ad7f68-6ad7f6c 1421->1429 1430 6ad7f71-6ad7f8d 1421->1430 1429->1407 1431 6ad7f6e 1429->1431 1430->1391 1432 6ad7f8f-6ad7fe6 call 6ad6568 1430->1432 1431->1430 1432->1391 1459 6ad82f3-6ad82f5 1457->1459 1458->1459 1459->1396 1460 6ad82f7-6ad82fc 1459->1460 1461 6ad82fe-6ad8308 1460->1461 1462 6ad830a 1460->1462 1463 6ad830f-6ad8311 1461->1463 1462->1463 1463->1396 1464 6ad8313-6ad831f 1463->1464 1464->1396
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q
                                                                      • API String ID: 0-355816377
                                                                      • Opcode ID: 2e1035683526dc52584defd3b9ad8afbf5a74ca3eb2115cfdfb324b8c83a9688
                                                                      • Instruction ID: 3745821f5271718dad7784dca15d0e9a1d4e6fc4fbbbb45d8883e2432cf0dcef
                                                                      • Opcode Fuzzy Hash: 2e1035683526dc52584defd3b9ad8afbf5a74ca3eb2115cfdfb324b8c83a9688
                                                                      • Instruction Fuzzy Hash: 34029C34B002059FDB58EB68D590BAEB7E2FF88304F148569E44ADB394DB35EC46CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD5570 Relevance: 1.8, Strings: 1, Instructions: 595COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $
                                                                      • API String ID: 0-3993045852
                                                                      • Opcode ID: 45f239a017b2bdb165957405187d69dbadb26de40af3e799f2c2b095bc57aa38
                                                                      • Instruction ID: b78d18924b304e53c205d3e5824364a3bf90051e565553a55daa10105790c084
                                                                      • Opcode Fuzzy Hash: 45f239a017b2bdb165957405187d69dbadb26de40af3e799f2c2b095bc57aa38
                                                                      • Instruction Fuzzy Hash: 8622CF35E002159FDF64EBA5C4906AEBBB2EF89314F248469D45AEF344DB31DC42CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADC148 Relevance: .6, Instructions: 643COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ebe37931c69efbf1bd4d05b698add2536c4a1830b87d19cff555555996b9f2bf
                                                                      • Instruction ID: 72d87e4ed14540afe7b90e46788b92f70f222360302e80bcbe3c39db1a59d8cc
                                                                      • Opcode Fuzzy Hash: ebe37931c69efbf1bd4d05b698add2536c4a1830b87d19cff555555996b9f2bf
                                                                      • Instruction Fuzzy Hash: 11329F34B002099FDB54EB68D980BAEB7B6FB88324F508565E407EB355DB35EC42CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADB299 Relevance: .5, Instructions: 548COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ac3b6a6837cf0eab46113ec280c70bd2f1bc46487042bfcece1df0ba97e749b8
                                                                      • Instruction ID: 04e8d98f4533f752c887f69a0dbe0acd32b3ed718f0e7295f4806e41a68c9094
                                                                      • Opcode Fuzzy Hash: ac3b6a6837cf0eab46113ec280c70bd2f1bc46487042bfcece1df0ba97e749b8
                                                                      • Instruction Fuzzy Hash: 991250B4E102098FDF64EB68C5807ADB7B2FB89314F218526E446EF395DA35DC81CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADAC90 Relevance: 10.4, Strings: 8, Instructions: 395COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 527 6adac90-6adacae 529 6adacb0-6adacb3 527->529 530 6adacbd-6adacc0 529->530 531 6adacb5-6adacba 529->531 532 6adacd1-6adacd4 530->532 533 6adacc2-6adacc6 530->533 531->530 534 6adace4-6adace7 532->534 535 6adacd6-6adacdf 532->535 536 6adaebc-6adaec6 533->536 537 6adaccc 533->537 538 6adace9-6adacfc 534->538 539 6adad01-6adad04 534->539 535->534 537->532 538->539 540 6adad1e-6adad21 539->540 541 6adad06-6adad0f 539->541 545 6adaead-6adaeb6 540->545 546 6adad27-6adad2a 540->546 543 6adad15-6adad19 541->543 544 6adaec7-6adaed4 541->544 543->540 555 6adaed6-6adaefe 544->555 556 6adaf50-6adaf51 544->556 545->536 545->541 547 6adad4d-6adad50 546->547 548 6adad2c-6adad48 546->548 549 6adad64-6adad66 547->549 550 6adad52-6adad5f 547->550 548->547 552 6adad6d-6adad70 549->552 553 6adad68 549->553 550->549 552->529 558 6adad76-6adad9a 552->558 553->552 561 6adaf00-6adaf03 555->561 559 6adaf61-6adaf9c 556->559 560 6adaf53 556->560 585 6adaeaa 558->585 586 6adada0-6adadaf 558->586 571 6adb18f-6adb1a2 559->571 572 6adafa2-6adafae 559->572 565 6adaf58-6adaf5b 560->565 562 6adaf05-6adaf21 561->562 563 6adaf26-6adaf29 561->563 562->563 569 6adaf2b-6adaf35 563->569 570 6adaf36-6adaf39 563->570 565->559 566 6adb1c4-6adb1c6 565->566 576 6adb1cd-6adb1d0 566->576 577 6adb1c8 566->577 574 6adaf48-6adaf4b 570->574 575 6adaf3b 570->575 578 6adb1a4 571->578 587 6adafce-6adb012 572->587 588 6adafb0-6adafc9 572->588 574->565 581 6adaf4d 574->581 653 6adaf3b call 6adb299 575->653 654 6adaf3b call 6adb1e8 575->654 576->561 580 6adb1d6-6adb1e0 576->580 577->576 578->566 581->556 584 6adaf41-6adaf43 584->574 585->545 591 6adadc7-6adae02 call 6ad6568 586->591 592 6adadb1-6adadb7 586->592 604 6adb02e-6adb06d 587->604 605 6adb014-6adb026 587->605 588->578 609 6adae1a-6adae31 591->609 610 6adae04-6adae0a 591->610 593 6adadb9 592->593 594 6adadbb-6adadbd 592->594 593->591 594->591 611 6adb154-6adb169 604->611 612 6adb073-6adb14e call 6ad6568 604->612 605->604 621 6adae49-6adae5a 609->621 622 6adae33-6adae39 609->622 613 6adae0c 610->613 614 6adae0e-6adae10 610->614 611->571 612->611 613->609 614->609 628 6adae5c-6adae62 621->628 629 6adae72-6adaea3 621->629 624 6adae3d-6adae3f 622->624 625 6adae3b 622->625 624->621 625->621 631 6adae64 628->631 632 6adae66-6adae68 628->632 629->585 631->629 632->629 653->584 654->584
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-3823777903
                                                                      • Opcode ID: c86a6b79df0d46d787891b6e16aeebdf2e39aa993bd342a35bfaf46af204683d
                                                                      • Instruction ID: 36ac85938dd58261e05c03fc3af7b074816b255ba2314aa9e3d5e825ac8424c7
                                                                      • Opcode Fuzzy Hash: c86a6b79df0d46d787891b6e16aeebdf2e39aa993bd342a35bfaf46af204683d
                                                                      • Instruction Fuzzy Hash: BDE16C30E0020A8FCB65EF69D5846AEB7F2EF89304F108929E546DB354DB35EC46CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADB618 Relevance: 8.0, Strings: 6, Instructions: 471COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 783 6adb618-6adb63a 784 6adb63c-6adb63f 783->784 785 6adb64f-6adb652 784->785 786 6adb641-6adb64a 784->786 787 6adb669-6adb66c 785->787 788 6adb654-6adb658 785->788 786->785 791 6adb66e-6adb672 787->791 792 6adb683-6adb686 787->792 789 6adb9af-6adb9e6 788->789 790 6adb65e-6adb664 788->790 802 6adb9e8-6adb9eb 789->802 790->787 791->789 793 6adb678-6adb67e 791->793 794 6adb688-6adb6e5 call 6ad6568 792->794 795 6adb6ea-6adb6ed 792->795 793->792 794->795 796 6adb6ef-6adb6f2 795->796 797 6adb71e-6adb727 795->797 799 6adb719-6adb71c 796->799 800 6adb6f4-6adb6f8 796->800 803 6adb72d 797->803 804 6adb83b-6adb844 797->804 799->797 810 6adb732-6adb735 799->810 800->789 806 6adb6fe-6adb70e 800->806 808 6adb9ed-6adba09 802->808 809 6adba0e-6adba11 802->809 803->810 804->789 805 6adb84a-6adb851 804->805 811 6adb856-6adb859 805->811 828 6adb88a-6adb88e 806->828 829 6adb714 806->829 808->809 813 6adbc7d-6adbc7f 809->813 814 6adba17-6adba3f 809->814 815 6adb774-6adb777 810->815 816 6adb737-6adb74c 810->816 817 6adb86b-6adb86e 811->817 818 6adb85b 811->818 823 6adbc86-6adbc89 813->823 824 6adbc81 813->824 869 6adba49-6adba8d 814->869 870 6adba41-6adba44 814->870 819 6adb779-6adb77d 815->819 820 6adb79a-6adb79d 815->820 816->789 837 6adb752-6adb76f 816->837 826 6adb885-6adb888 817->826 827 6adb870-6adb873 817->827 838 6adb863-6adb866 818->838 819->789 825 6adb783-6adb793 819->825 831 6adb79f-6adb7a2 820->831 832 6adb7a7-6adb7aa 820->832 823->802 833 6adbc8f-6adbc98 823->833 824->823 825->831 856 6adb795 825->856 826->828 840 6adb8af-6adb8b2 826->840 827->789 839 6adb879-6adb880 827->839 828->789 841 6adb894-6adb8a4 828->841 829->799 831->832 842 6adb7ac-6adb7b0 832->842 843 6adb7c1-6adb7c4 832->843 837->815 838->817 839->826 840->831 850 6adb8b8-6adb8bb 840->850 841->819 865 6adb8aa 841->865 842->789 847 6adb7b6-6adb7bc 842->847 848 6adb7ce-6adb7d1 843->848 849 6adb7c6-6adb7c9 843->849 847->843 851 6adb7db-6adb7de 848->851 852 6adb7d3-6adb7d8 848->852 849->848 853 6adb8bd-6adb8c0 850->853 854 6adb8c7-6adb8ca 850->854 859 6adb7eb-6adb7ee 851->859 860 6adb7e0-6adb7e6 851->860 852->851 853->827 858 6adb8c2 853->858 862 6adb8cc-6adb8ce 854->862 863 6adb8d1-6adb8d4 854->863 856->820 858->854 866 6adb7fe-6adb801 859->866 867 6adb7f0-6adb7f7 859->867 860->859 862->863 863->831 868 6adb8da-6adb8dd 863->868 865->840 875 6adb823-6adb826 866->875 876 6adb803-6adb81e 866->876 871 6adb7f9 867->871 872 6adb828-6adb831 867->872 873 6adb8df-6adb8eb 868->873 874 6adb8f0-6adb8f3 868->874 897 6adba93-6adba9c 869->897 898 6adbc72-6adbc7c 869->898 870->833 871->866 880 6adb836-6adb839 872->880 873->874 878 6adb8f5-6adb8fe 874->878 879 6adb903-6adb906 874->879 875->872 875->880 876->875 878->879 879->853 885 6adb908-6adb90b 879->885 880->804 880->811 886 6adb90d-6adb929 885->886 887 6adb92e-6adb931 885->887 886->887 889 6adb941-6adb944 887->889 890 6adb933-6adb93c 887->890 889->831 893 6adb94a-6adb94d 889->893 890->889 895 6adb94f-6adb964 893->895 896 6adb987-6adb98a 893->896 895->789 909 6adb966-6adb982 895->909 902 6adb98c-6adb98d 896->902 903 6adb992-6adb994 896->903 900 6adbc68-6adbc6d 897->900 901 6adbaa2-6adbb0e call 6ad6568 897->901 900->898 917 6adbc08-6adbc1d 901->917 918 6adbb14-6adbb19 901->918 902->903 905 6adb99b-6adb99e 903->905 906 6adb996 903->906 905->784 907 6adb9a4-6adb9ae 905->907 906->905 909->896 917->900 919 6adbb1b-6adbb21 918->919 920 6adbb35 918->920 922 6adbb27-6adbb29 919->922 923 6adbb23-6adbb25 919->923 924 6adbb37-6adbb3d 920->924 925 6adbb33 922->925 923->925 926 6adbb3f-6adbb45 924->926 927 6adbb52-6adbb5f 924->927 925->924 928 6adbb4b 926->928 929 6adbbf3-6adbc02 926->929 934 6adbb77-6adbb84 927->934 935 6adbb61-6adbb67 927->935 928->927 930 6adbbba-6adbbc7 928->930 931 6adbb86-6adbb93 928->931 929->917 929->918 940 6adbbdf-6adbbec 930->940 941 6adbbc9-6adbbcf 930->941 943 6adbbab-6adbbb8 931->943 944 6adbb95-6adbb9b 931->944 934->929 937 6adbb69 935->937 938 6adbb6b-6adbb6d 935->938 937->934 938->934 940->929 945 6adbbd1 941->945 946 6adbbd3-6adbbd5 941->946 943->929 947 6adbb9d 944->947 948 6adbb9f-6adbba1 944->948 945->940 946->940 947->943 948->943
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2392861976
                                                                      • Opcode ID: d7cf1fb6d12b518878bcfc05e6d83559bccc5cf89b0e87608e2cf54d4fba6dfe
                                                                      • Instruction ID: 6e8f6af1e4fa3b4b1d335cdb6028df36aff6464e29ed71f177f4802503117ae8
                                                                      • Opcode Fuzzy Hash: d7cf1fb6d12b518878bcfc05e6d83559bccc5cf89b0e87608e2cf54d4fba6dfe
                                                                      • Instruction Fuzzy Hash: 08026C70E002098FDBA4EF68D5807ADB7B1FB85310F118566D416DF295DB35EC86CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD9110 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 951 6ad9110-6ad9135 952 6ad9137-6ad913a 951->952 953 6ad99f8-6ad99fb 952->953 954 6ad9140-6ad9155 952->954 955 6ad99fd-6ad9a1c 953->955 956 6ad9a21-6ad9a23 953->956 962 6ad916d-6ad9183 954->962 963 6ad9157-6ad915d 954->963 955->956 957 6ad9a2a-6ad9a2d 956->957 958 6ad9a25 956->958 957->952 961 6ad9a33-6ad9a3d 957->961 958->957 968 6ad918e-6ad9190 962->968 964 6ad915f 963->964 965 6ad9161-6ad9163 963->965 964->962 965->962 969 6ad91a8-6ad9219 968->969 970 6ad9192-6ad9198 968->970 981 6ad921b-6ad923e 969->981 982 6ad9245-6ad9261 969->982 971 6ad919c-6ad919e 970->971 972 6ad919a 970->972 971->969 972->969 981->982 987 6ad928d-6ad92a8 982->987 988 6ad9263-6ad9286 982->988 993 6ad92aa-6ad92cc 987->993 994 6ad92d3-6ad92ee 987->994 988->987 993->994 999 6ad92f0-6ad930c 994->999 1000 6ad9313-6ad9321 994->1000 999->1000 1001 6ad9331-6ad93ab 1000->1001 1002 6ad9323-6ad932c 1000->1002 1008 6ad93ad-6ad93cb 1001->1008 1009 6ad93f8-6ad940d 1001->1009 1002->961 1013 6ad93cd-6ad93dc 1008->1013 1014 6ad93e7-6ad93f6 1008->1014 1009->953 1013->1014 1014->1008 1014->1009
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2125118731
                                                                      • Opcode ID: 78910f418b49dc5e871b5a4ed6b88b922a44be8a6ff629c08a76efb278843614
                                                                      • Instruction ID: 94748d09ca911c9b16e862e0438bc5c89c8093aa2d937bcf2fe306f7063a16c8
                                                                      • Opcode Fuzzy Hash: 78910f418b49dc5e871b5a4ed6b88b922a44be8a6ff629c08a76efb278843614
                                                                      • Instruction Fuzzy Hash: 3A913D34F0061A9FDB94EB65D8507AFB3F6ABC9204F108569D40AEB344EB70DC46CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADCF00 Relevance: 4.5, Strings: 3, Instructions: 799COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1017 6adcf00-6adcf1b 1018 6adcf1d-6adcf20 1017->1018 1019 6adcf69-6adcf6c 1018->1019 1020 6adcf22-6adcf64 1018->1020 1021 6adcf6e-6adcf70 1019->1021 1022 6adcf7b-6adcf7e 1019->1022 1020->1019 1023 6add3e9 1021->1023 1024 6adcf76 1021->1024 1025 6add3ec-6add3f8 1022->1025 1026 6adcf84-6adcf87 1022->1026 1023->1025 1024->1022 1030 6add3fe-6add6eb 1025->1030 1031 6add021-6add030 1025->1031 1028 6adcf89-6adcfcb 1026->1028 1029 6adcfd0-6adcfd3 1026->1029 1028->1029 1035 6add01c-6add01f 1029->1035 1036 6adcfd5-6adcfe4 1029->1036 1229 6add6f1-6add6f7 1030->1229 1230 6add912-6add91c 1030->1230 1033 6add03f-6add04b 1031->1033 1034 6add032-6add037 1031->1034 1039 6add91d-6add956 1033->1039 1040 6add051-6add063 1033->1040 1034->1033 1035->1031 1038 6add068-6add06b 1035->1038 1041 6adcfe6-6adcfeb 1036->1041 1042 6adcff3-6adcfff 1036->1042 1045 6add06d-6add0af 1038->1045 1046 6add0b4-6add0b7 1038->1046 1057 6add958-6add95b 1039->1057 1040->1038 1041->1042 1042->1039 1047 6add005-6add017 1042->1047 1045->1046 1050 6add0b9-6add0fb 1046->1050 1051 6add100-6add103 1046->1051 1047->1035 1050->1051 1054 6add10d-6add110 1051->1054 1055 6add105-6add10a 1051->1055 1060 6add159-6add15c 1054->1060 1061 6add112-6add154 1054->1061 1055->1054 1065 6add95d-6add979 1057->1065 1066 6add97e-6add981 1057->1066 1069 6add17f-6add182 1060->1069 1070 6add15e-6add17a 1060->1070 1061->1060 1065->1066 1071 6add9b4-6add9b7 1066->1071 1072 6add983-6add9af 1066->1072 1077 6add184-6add186 1069->1077 1078 6add191-6add194 1069->1078 1070->1069 1073 6add9b9 call 6adda75 1071->1073 1074 6add9c6-6add9c8 1071->1074 1072->1071 1094 6add9bf-6add9c1 1073->1094 1083 6add9cf-6add9d2 1074->1083 1084 6add9ca 1074->1084 1085 6add18c 1077->1085 1086 6add2a7-6add2b0 1077->1086 1087 6add1dd-6add1e0 1078->1087 1088 6add196-6add1d8 1078->1088 1083->1057 1099 6add9d4-6add9e3 1083->1099 1084->1083 1085->1078 1097 6add2bf-6add2cb 1086->1097 1098 6add2b2-6add2b7 1086->1098 1095 6add229-6add22c 1087->1095 1096 6add1e2-6add224 1087->1096 1088->1087 1094->1074 1101 6add22e-6add270 1095->1101 1102 6add275-6add278 1095->1102 1096->1095 1106 6add3dc-6add3e1 1097->1106 1107 6add2d1-6add2e5 1097->1107 1098->1097 1122 6adda4a-6adda5f 1099->1122 1123 6add9e5-6adda48 call 6ad6568 1099->1123 1101->1102 1109 6add27a-6add290 1102->1109 1110 6add295-6add297 1102->1110 1106->1023 1107->1023 1129 6add2eb-6add2fd 1107->1129 1109->1110 1119 6add29e-6add2a1 1110->1119 1120 6add299 1110->1120 1119->1018 1119->1086 1120->1119 1123->1122 1142 6add2ff-6add305 1129->1142 1143 6add321-6add323 1129->1143 1148 6add309-6add315 1142->1148 1149 6add307 1142->1149 1145 6add32d-6add339 1143->1145 1160 6add33b-6add345 1145->1160 1161 6add347 1145->1161 1150 6add317-6add31f 1148->1150 1149->1150 1150->1145 1163 6add34c-6add34e 1160->1163 1161->1163 1163->1023 1166 6add354-6add370 call 6ad6568 1163->1166 1174 6add37f-6add38b 1166->1174 1175 6add372-6add377 1166->1175 1174->1106 1178 6add38d-6add3da 1174->1178 1175->1174 1178->1023 1231 6add6f9-6add6fe 1229->1231 1232 6add706-6add70f 1229->1232 1231->1232 1232->1039 1233 6add715-6add728 1232->1233 1235 6add72e-6add734 1233->1235 1236 6add902-6add90c 1233->1236 1237 6add736-6add73b 1235->1237 1238 6add743-6add74c 1235->1238 1236->1229 1236->1230 1237->1238 1238->1039 1239 6add752-6add773 1238->1239 1242 6add775-6add77a 1239->1242 1243 6add782-6add78b 1239->1243 1242->1243 1243->1039 1244 6add791-6add7ae 1243->1244 1244->1236 1247 6add7b4-6add7ba 1244->1247 1247->1039 1248 6add7c0-6add7d9 1247->1248 1250 6add7df-6add806 1248->1250 1251 6add8f5-6add8fc 1248->1251 1250->1039 1254 6add80c-6add816 1250->1254 1251->1236 1251->1247 1254->1039 1255 6add81c-6add833 1254->1255 1257 6add835-6add840 1255->1257 1258 6add842-6add85d 1255->1258 1257->1258 1258->1251 1263 6add863-6add87c call 6ad6568 1258->1263 1267 6add87e-6add883 1263->1267 1268 6add88b-6add894 1263->1268 1267->1268 1268->1039 1269 6add89a-6add8ee 1268->1269 1269->1251
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q
                                                                      • API String ID: 0-831282457
                                                                      • Opcode ID: fd989dfbef08ec0767d04b96d7bbfa6be13735757baba27ef0b6e14116f6f070
                                                                      • Instruction ID: 9b576601fa32d456ff54e841f3bcc01a5fd4e288a9bf04e1abe63619cab4f437
                                                                      • Opcode Fuzzy Hash: fd989dfbef08ec0767d04b96d7bbfa6be13735757baba27ef0b6e14116f6f070
                                                                      • Instruction Fuzzy Hash: FF622034A002168FCB55FB68D590A5EB7B2FF84304F248A69D046DF369DB75ED46CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD4B38 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1277 6ad4b38-6ad4b5c 1278 6ad4b5e-6ad4b61 1277->1278 1279 6ad4b63-6ad4b7d 1278->1279 1280 6ad4b82-6ad4b85 1278->1280 1279->1280 1281 6ad4b8b-6ad4c83 1280->1281 1282 6ad5264-6ad5266 1280->1282 1300 6ad4c89-6ad4cd6 call 6ad53e8 1281->1300 1301 6ad4d06-6ad4d0d 1281->1301 1283 6ad526d-6ad5270 1282->1283 1284 6ad5268 1282->1284 1283->1278 1286 6ad5276-6ad5283 1283->1286 1284->1283 1314 6ad4cdc-6ad4cf8 1300->1314 1302 6ad4d91-6ad4d9a 1301->1302 1303 6ad4d13-6ad4d83 1301->1303 1302->1286 1320 6ad4d8e 1303->1320 1321 6ad4d85 1303->1321 1317 6ad4cfa 1314->1317 1318 6ad4d03-6ad4d04 1314->1318 1317->1318 1318->1301 1320->1302 1321->1320
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: fcq$XPcq$\Ocq
                                                                      • API String ID: 0-3575482020
                                                                      • Opcode ID: 4631322a8a7317460e007a00ec74939371fcc7daa70a57dfd64f558a8181ef4c
                                                                      • Instruction ID: eb61c948cd74f48c360ca98a0465ba4a53009c007463207e3caddace8f9d95aa
                                                                      • Opcode Fuzzy Hash: 4631322a8a7317460e007a00ec74939371fcc7daa70a57dfd64f558a8181ef4c
                                                                      • Instruction Fuzzy Hash: D0615130E002199FEB54AFA5C8547AEBAF6FFC8700F208529D146EB395DB758C468B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD9105 Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1703 6ad9105-6ad9135 1705 6ad9137-6ad913a 1703->1705 1706 6ad99f8-6ad99fb 1705->1706 1707 6ad9140-6ad9155 1705->1707 1708 6ad99fd-6ad9a1c 1706->1708 1709 6ad9a21-6ad9a23 1706->1709 1715 6ad916d-6ad9183 1707->1715 1716 6ad9157-6ad915d 1707->1716 1708->1709 1710 6ad9a2a-6ad9a2d 1709->1710 1711 6ad9a25 1709->1711 1710->1705 1714 6ad9a33-6ad9a3d 1710->1714 1711->1710 1721 6ad918e-6ad9190 1715->1721 1717 6ad915f 1716->1717 1718 6ad9161-6ad9163 1716->1718 1717->1715 1718->1715 1722 6ad91a8-6ad9219 1721->1722 1723 6ad9192-6ad9198 1721->1723 1734 6ad921b-6ad923e 1722->1734 1735 6ad9245-6ad9261 1722->1735 1724 6ad919c-6ad919e 1723->1724 1725 6ad919a 1723->1725 1724->1722 1725->1722 1734->1735 1740 6ad928d-6ad92a8 1735->1740 1741 6ad9263-6ad9286 1735->1741 1746 6ad92aa-6ad92cc 1740->1746 1747 6ad92d3-6ad92ee 1740->1747 1741->1740 1746->1747 1752 6ad92f0-6ad930c 1747->1752 1753 6ad9313-6ad9321 1747->1753 1752->1753 1754 6ad9331-6ad93ab 1753->1754 1755 6ad9323-6ad932c 1753->1755 1761 6ad93ad-6ad93cb 1754->1761 1762 6ad93f8-6ad940d 1754->1762 1755->1714 1766 6ad93cd-6ad93dc 1761->1766 1767 6ad93e7-6ad93f6 1761->1767 1762->1706 1766->1767 1767->1761 1767->1762
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q
                                                                      • API String ID: 0-355816377
                                                                      • Opcode ID: 2b07711aa6f10c330ff23d3bb9b53d0dd41a931f56efb9bcbe40f109961e8b1e
                                                                      • Instruction ID: c8e903e131e5a0ce069f9fc31b93626b8fd0d247d31be193744054ff19aba12e
                                                                      • Opcode Fuzzy Hash: 2b07711aa6f10c330ff23d3bb9b53d0dd41a931f56efb9bcbe40f109961e8b1e
                                                                      • Instruction Fuzzy Hash: 8D516234B042069FDB94EB75D890BAFB3FAABC8644F108469D40ADB344DA30DC46CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD4B28 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1770 6ad4b28-6ad4b5c 1772 6ad4b5e-6ad4b61 1770->1772 1773 6ad4b63-6ad4b7d 1772->1773 1774 6ad4b82-6ad4b85 1772->1774 1773->1774 1775 6ad4b8b-6ad4c83 1774->1775 1776 6ad5264-6ad5266 1774->1776 1794 6ad4c89-6ad4cd6 call 6ad53e8 1775->1794 1795 6ad4d06-6ad4d0d 1775->1795 1777 6ad526d-6ad5270 1776->1777 1778 6ad5268 1776->1778 1777->1772 1780 6ad5276-6ad5283 1777->1780 1778->1777 1808 6ad4cdc-6ad4cf8 1794->1808 1796 6ad4d91-6ad4d9a 1795->1796 1797 6ad4d13-6ad4d83 1795->1797 1796->1780 1814 6ad4d8e 1797->1814 1815 6ad4d85 1797->1815 1811 6ad4cfa 1808->1811 1812 6ad4d03-6ad4d04 1808->1812 1811->1812 1812->1795 1814->1796 1815->1814
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: fcq$XPcq
                                                                      • API String ID: 0-936005338
                                                                      • Opcode ID: 22068b5c5865d64d5520be6ab65ef04981d22d342aacaa9d9dfeb6745a86fd6b
                                                                      • Instruction ID: 5dcf4f318511255ed71c215e7652e2ff96bf028f308f0fe82677d1e7d6468cae
                                                                      • Opcode Fuzzy Hash: 22068b5c5865d64d5520be6ab65ef04981d22d342aacaa9d9dfeb6745a86fd6b
                                                                      • Instruction Fuzzy Hash: DF516030F002099FDB55AFA5C854BAEBAF6FFC8700F208529E146AB395DA758C418B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACB228 Relevance: 1.7, APIs: 1, Instructions: 201COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 6a6e2d8d91cdbb970b5c1dbfda327ce443ff816556b1ed200282d203b4a9ea9b
                                                                      • Instruction ID: 8db4e815b1caa88c63526dc9b878aa668830b5ed22d29af032c4714e81994e15
                                                                      • Opcode Fuzzy Hash: 6a6e2d8d91cdbb970b5c1dbfda327ce443ff816556b1ed200282d203b4a9ea9b
                                                                      • Instruction Fuzzy Hash: 10715370A00B058FDB64EF2AC45575ABBF1BF88310F008A2DD48A9BB50DB35E845CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 010EEB68 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2872999473.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10e0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2ee1735c257585ac8425e564682fb40c6313db9d1e3b458e2fe32e96b7204e2e
                                                                      • Instruction ID: d826a6a28ac31a24759d165b24917ee3e523cca2c682036b14b7856ca0bc8209
                                                                      • Opcode Fuzzy Hash: 2ee1735c257585ac8425e564682fb40c6313db9d1e3b458e2fe32e96b7204e2e
                                                                      • Instruction Fuzzy Hash: 5F414232D103599FCB10EFBAD8046DABFF5AF89210F1485AAE544A7251DB389881CBE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACD7C5 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06ACD922
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: CreateWindow
                                                                      • String ID:
                                                                      • API String ID: 716092398-0
                                                                      • Opcode ID: 74a7a2c4f2a0b173d4b7e848f1091a711de5a8c3e6d97b2d1e11377304f89111
                                                                      • Instruction ID: e94521a3f21f87200f90b72c3469efc2440201d864010a1f8b5f6a66b79f8b41
                                                                      • Opcode Fuzzy Hash: 74a7a2c4f2a0b173d4b7e848f1091a711de5a8c3e6d97b2d1e11377304f89111
                                                                      • Instruction Fuzzy Hash: 4151EEB5C00249EFDF15DFA9C984ADEBFB6BF48310F14816AE818AB220D7719841CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACD804 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06ACD922
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: CreateWindow
                                                                      • String ID:
                                                                      • API String ID: 716092398-0
                                                                      • Opcode ID: 74aae08b7a767ee0c80237a7eac07182acf365ff7ab1c6cd22b7323842576393
                                                                      • Instruction ID: ea7cef5bd3a9e7b67189ab499d74aa984c0cc03715dd55d6d092f742f693b58d
                                                                      • Opcode Fuzzy Hash: 74aae08b7a767ee0c80237a7eac07182acf365ff7ab1c6cd22b7323842576393
                                                                      • Instruction Fuzzy Hash: EB51CEB5D00349EFDB14DFAAC884ADEBFB5BF48310F24852AE819AB210D7709841CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACD810 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06ACD922
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: CreateWindow
                                                                      • String ID:
                                                                      • API String ID: 716092398-0
                                                                      • Opcode ID: 8d4687e49955f441f95dbef4b670fe8a489205ebad9fdec299fb2c7db3dfcf6b
                                                                      • Instruction ID: 45daa76d0f068378b63094e6d325629d313cbc69772d199ec22ef7d0405c4bc3
                                                                      • Opcode Fuzzy Hash: 8d4687e49955f441f95dbef4b670fe8a489205ebad9fdec299fb2c7db3dfcf6b
                                                                      • Instruction Fuzzy Hash: FE41C0B5D10309EFDB14DF9AC884ADEBBB5BF48310F24852AE818AB210D7749845CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACCD6C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 06ACFE91
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: CallProcWindow
                                                                      • String ID:
                                                                      • API String ID: 2714655100-0
                                                                      • Opcode ID: e3f45eb9f9113336baa3c3ea0c7ef8af9a53165cec34d62e5fd98a1c908485d3
                                                                      • Instruction ID: 9f725fdbda99989291070c7a5e4bcb2305e067d211f564ce4de5aa360b7f08db
                                                                      • Opcode Fuzzy Hash: e3f45eb9f9113336baa3c3ea0c7ef8af9a53165cec34d62e5fd98a1c908485d3
                                                                      • Instruction Fuzzy Hash: 6B4105B4900209CFDB54DF99C448AAABBF6FF89324F24845DD519AB321D734A841CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AC3048 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06AC30D7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      • Opcode ID: 84541dd4ab2db23a972a7352c284d5a4d8fb1196a834f8e12ea0102f0e58eb51
                                                                      • Instruction ID: 20ad0a3749ec5e8914c764080ba065b0f5308f6e708d85efa06c8636a142ae84
                                                                      • Opcode Fuzzy Hash: 84541dd4ab2db23a972a7352c284d5a4d8fb1196a834f8e12ea0102f0e58eb51
                                                                      • Instruction Fuzzy Hash: A321E4B5D00208DFDB10CFAAD984ADEBBF5EF48320F14841AE958A7350C375A954CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AC3050 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06AC30D7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      • Opcode ID: d6d6410969821f6938628542a77c62f7bfe28971042fab336fef693c4e3b50c1
                                                                      • Instruction ID: 7706b3c79353c83ef52d22bbe2fa80c243af54eb7199805441d9d47ec4e76e1c
                                                                      • Opcode Fuzzy Hash: d6d6410969821f6938628542a77c62f7bfe28971042fab336fef693c4e3b50c1
                                                                      • Instruction Fuzzy Hash: FE21C4B5900258DFDB10CF9AD984ADEFFF4EB48320F14841AE954A7350D375A944CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACB679 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 06ACB6EA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: 801e33adab1626b0eeba933cd192fc4d69b3869f8dfdcf4176d4b6f68c658700
                                                                      • Instruction ID: ac39e5f3dcb58a8d5bc721ba9eb41b4e1509332bb5fee458e121b71e6c62b983
                                                                      • Opcode Fuzzy Hash: 801e33adab1626b0eeba933cd192fc4d69b3869f8dfdcf4176d4b6f68c658700
                                                                      • Instruction Fuzzy Hash: A611F6B6D003499FDB20DFAAD844ADEFBF8EB48320F10842EE519A7210C375A545CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACB680 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 06ACB6EA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: 6e8eb014e6bba4700eef57351bb4132302a0152dc166b5f3f917d659b0d16bb7
                                                                      • Instruction ID: 31cd416fa1d6e386048a2b6696725cf7097f0677ea9e1601b8ed87c16fc40875
                                                                      • Opcode Fuzzy Hash: 6e8eb014e6bba4700eef57351bb4132302a0152dc166b5f3f917d659b0d16bb7
                                                                      • Instruction Fuzzy Hash: E81104B6D003499FDB10DF9AD844ADEFBF8EB48320F10842ED419A7210C375A545CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 010EEC50 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 010EECB7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2872999473.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10e0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: GlobalMemoryStatus
                                                                      • String ID:
                                                                      • API String ID: 1890195054-0
                                                                      • Opcode ID: af18a41891e677c1b0fddc33dacef92c8541abc22560710c5c9d4b77f0f1816a
                                                                      • Instruction ID: 3b72749967a81a5d7e4c4424925376751f9e19af55df2ebb18b427fdb56741d4
                                                                      • Opcode Fuzzy Hash: af18a41891e677c1b0fddc33dacef92c8541abc22560710c5c9d4b77f0f1816a
                                                                      • Instruction Fuzzy Hash: 8F111FB2C006699FCB10CF9AD548BDEFBF4AB48320F10816AD818B7241D378A940CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ACA17C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,06ACB244), ref: 06ACB47E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880244410.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ac0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 4a1cc3a6e0d190d9d2b5d185a3b0dee03793efab2489a1f6ac2a2ee6f7e83727
                                                                      • Instruction ID: 514037bd5d886e1df7ee5abf42940fa2ce663deda4f3dd95f836a3be06d567a5
                                                                      • Opcode Fuzzy Hash: 4a1cc3a6e0d190d9d2b5d185a3b0dee03793efab2489a1f6ac2a2ee6f7e83727
                                                                      • Instruction Fuzzy Hash: 2D1102B6C047498FDB10DF9AD544ADEFBF8EB48224F10842AD419B7210C379A545CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADDA75 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PH^q
                                                                      • API String ID: 0-2549759414
                                                                      • Opcode ID: e811a73d48361b83fe5dc3efd24ba7a6587eda6676b4087868305ce1a1a05a45
                                                                      • Instruction ID: 2934b79e7a85a887204d17be6105f2b21edc20455c3f792100a305ee9b7c26c9
                                                                      • Opcode Fuzzy Hash: e811a73d48361b83fe5dc3efd24ba7a6587eda6676b4087868305ce1a1a05a45
                                                                      • Instruction Fuzzy Hash: 8341B030E003099FDB61FFA4C4546AEBBB2BF85204F204529E442EB245DB75E846CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD21D0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PH^q
                                                                      • API String ID: 0-2549759414
                                                                      • Opcode ID: ac0ce454d83f7aaf56d2e2fcf24717638af28348d207e71f3c58dc26f3dab0a0
                                                                      • Instruction ID: 78ca9985141b51b610eaad4c0764c36c1ddb63089b0e819880aae2d2044522f9
                                                                      • Opcode Fuzzy Hash: ac0ce454d83f7aaf56d2e2fcf24717638af28348d207e71f3c58dc26f3dab0a0
                                                                      • Instruction Fuzzy Hash: A731CD30B002058FDB59AB74C51476F7AE2AF89604F208468E546DB388DE3ADE46CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD69E0 Relevance: .5, Instructions: 498COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6552d0b58188a32cb904530bb6604fce70bf9343f17e03fb7851c487ade33c18
                                                                      • Instruction ID: 75d2857f3e6294696831b8dc86bdef37892b4870b9f9f258cb712ea215b431d3
                                                                      • Opcode Fuzzy Hash: 6552d0b58188a32cb904530bb6604fce70bf9343f17e03fb7851c487ade33c18
                                                                      • Instruction Fuzzy Hash: B802AB34B002048FDB54EB68D544BAEB7F2EF88354F149569E45ADB390DB36EC46CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD61B8 Relevance: .2, Instructions: 229COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f2ed2fdddfe78e1e3453870229c5fcfee29cececb1d6f9612cb7d9737750b979
                                                                      • Instruction ID: e50783fdd8e7d3ef5e391f1cd742d83005f072c6c4aad4f7b9e322a6ae16fd74
                                                                      • Opcode Fuzzy Hash: f2ed2fdddfe78e1e3453870229c5fcfee29cececb1d6f9612cb7d9737750b979
                                                                      • Instruction Fuzzy Hash: E061AF71F000214FCB55AB7EC88466FAADBAFC4624F15447AE80EDB364EE65DD0287D2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD4268 Relevance: .2, Instructions: 225COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e25db860ddab880d52ac6d226ad9c7d24c1689e969193e10f86e4dc808b93e74
                                                                      • Instruction ID: e907b71ff1bb9065a14404d85aa11077f4a044a276e82a59e72c035060a459fa
                                                                      • Opcode Fuzzy Hash: e25db860ddab880d52ac6d226ad9c7d24c1689e969193e10f86e4dc808b93e74
                                                                      • Instruction Fuzzy Hash: 6D812B34B006099FDF54EBA9D4547AEB7F6EF89304F108529D40AEB394EB31EC428B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD4588 Relevance: .2, Instructions: 218COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 912e51c528b8a03eaac188e7cd42b16c311daef7ae5165eb913c2f3b34e06281
                                                                      • Instruction ID: f42717bd09d38c00a87983477a94fe41595fa5e1b707cd5dad0d24ed84470b73
                                                                      • Opcode Fuzzy Hash: 912e51c528b8a03eaac188e7cd42b16c311daef7ae5165eb913c2f3b34e06281
                                                                      • Instruction Fuzzy Hash: 79913C30E106198FDF64DF68C890BDDB7B1FF89300F208695D549AB295EB70AA85CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD45A0 Relevance: .2, Instructions: 210COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16024f96e6edba5a90b0934b5508b39cc2b1db42c0b061cb7c7b517eb38320a9
                                                                      • Instruction ID: 0da0fa4925898f2a8ff22520bcf43f243f7812594bf16de21202ff45665ab9c0
                                                                      • Opcode Fuzzy Hash: 16024f96e6edba5a90b0934b5508b39cc2b1db42c0b061cb7c7b517eb38320a9
                                                                      • Instruction Fuzzy Hash: 8E914D30E1061A8BDF60DF68C880B9DB7B1FF89300F208695D549BB255EB70AA85CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADEAC8 Relevance: .2, Instructions: 204COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 066306f0255ac0c6bf2a8291c7367b140d17edbbffc6a2647e3ff9a2f6bd303c
                                                                      • Instruction ID: 3bd8e1aa044706b1f57a0f401a2a4cd118a9da0cb174d6f0ce925f6afebdf589
                                                                      • Opcode Fuzzy Hash: 066306f0255ac0c6bf2a8291c7367b140d17edbbffc6a2647e3ff9a2f6bd303c
                                                                      • Instruction Fuzzy Hash: 0A713930A002099FDB54EBA9D990A9EBBF6FF88304F148569E446EB355DB30ED46CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADEAD8 Relevance: .2, Instructions: 201COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f3278e8ecc6377132c51ff19176f2032cf4e89e170b8139b2734baedca30898
                                                                      • Instruction ID: 86e51e2c588649bf8fc9498164cab841d2a8227f0ef28480fed6c619721df853
                                                                      • Opcode Fuzzy Hash: 3f3278e8ecc6377132c51ff19176f2032cf4e89e170b8139b2734baedca30898
                                                                      • Instruction Fuzzy Hash: 28711930A002099FDB54EFA9D990A9EBBF6FF88304F148569D446EB355DB30ED46CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADFC39 Relevance: .2, Instructions: 181COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ce780239884eaca6eaddc9316de524dfefe2d52b2784866ef669c99c8dac1a90
                                                                      • Instruction ID: c022adba3423263002b2638a01f728633d057440065be4854ade0f3275932181
                                                                      • Opcode Fuzzy Hash: ce780239884eaca6eaddc9316de524dfefe2d52b2784866ef669c99c8dac1a90
                                                                      • Instruction Fuzzy Hash: DE51EF31E001059FCB64FBB8E8446AEBBB2FB85315F108869E50BDB255DF359D56CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADF9E8 Relevance: .2, Instructions: 173COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 940535090806e8be92aac579d037456500a55b9b55a7a27ea5e12a144ea6cb68
                                                                      • Instruction ID: 169e23e5fbfabfd2de7fda8245e3e0ffca46f6246351189ffcda91e19adc8d9d
                                                                      • Opcode Fuzzy Hash: 940535090806e8be92aac579d037456500a55b9b55a7a27ea5e12a144ea6cb68
                                                                      • Instruction Fuzzy Hash: 6851D834B102149FEFA0776CD9547AF265AD789350F20492AE40FDB3E9CB79CC868392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADF9F8 Relevance: .2, Instructions: 163COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b0b88dce0d376909d32837a6dc36131c93e235ecb72d55e6e4967bfd0cb59e84
                                                                      • Instruction ID: b88a16ff3608dc6097eed2e2a38a3405e3176660bfc7556452d8ab4e201f5273
                                                                      • Opcode Fuzzy Hash: b0b88dce0d376909d32837a6dc36131c93e235ecb72d55e6e4967bfd0cb59e84
                                                                      • Instruction Fuzzy Hash: D651B134B102149FEFA47768D95476F265AD789350F20482AE40FDB3E9CA79CC8643A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD5560 Relevance: .1, Instructions: 139COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 85f02dd6bf7d354e9c8cb8d60759e8f5016d3dc088401c1162ecf3a8f7bb7f51
                                                                      • Instruction ID: f3a305bf5e79a83c18b640efb653fa977a32405b81f06c4a3f9a593a5c171806
                                                                      • Opcode Fuzzy Hash: 85f02dd6bf7d354e9c8cb8d60759e8f5016d3dc088401c1162ecf3a8f7bb7f51
                                                                      • Instruction Fuzzy Hash: 1841C035E001059FDF64ABA9C880B7EFBB2EB45310F24886AD55BDF681C634E981CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD53E8 Relevance: .1, Instructions: 130COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d9783dc69f43a1c8b26655571b7d1af9ee94aa5d3475c39cf1f7c2abdd3278a5
                                                                      • Instruction ID: 2a422f70d8a8e01c86b7dd9effbf4c98950ef916b08adebddea3da52276e492b
                                                                      • Opcode Fuzzy Hash: d9783dc69f43a1c8b26655571b7d1af9ee94aa5d3475c39cf1f7c2abdd3278a5
                                                                      • Instruction Fuzzy Hash: A3415D71E006098FDF70DFA9D880AAFFBB2FB95311F20492AE156DB650D330E9558B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD2080 Relevance: .1, Instructions: 96COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 825bc98a281ebc597411dba6cc197385dcbc178d408f9996636129b3726021a1
                                                                      • Instruction ID: c05f2906d44cbef355322f6600e221299b00bfd3bbafb8daad499a5b72980e86
                                                                      • Opcode Fuzzy Hash: 825bc98a281ebc597411dba6cc197385dcbc178d408f9996636129b3726021a1
                                                                      • Instruction Fuzzy Hash: 3F315C35E106059FCB59EFA4D85479EB7B2BF89300F14C529EA06EB340DB71AD42CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD2090 Relevance: .1, Instructions: 91COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a867f0a6827e034be33b46a3be93d852bdd89156569244387e7cef120f3e6f6a
                                                                      • Instruction ID: a3d52304f010c6f98b1a3bbb7c46229e90cd828ce5b8f16388210a11ce05598c
                                                                      • Opcode Fuzzy Hash: a867f0a6827e034be33b46a3be93d852bdd89156569244387e7cef120f3e6f6a
                                                                      • Instruction Fuzzy Hash: 32313C34E106099FCB59EFA5D85479EB7B2BF89300F14C529EA0AEB350DB71AD42CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3A68 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 927423acf121738a5009a159df3a4577f029c5092a80c440a59232b80ddbaf12
                                                                      • Instruction ID: 2c824aa82b65e81c784e702e32729eea5bce551b02cf602bebf033dfaa1a258a
                                                                      • Opcode Fuzzy Hash: 927423acf121738a5009a159df3a4577f029c5092a80c440a59232b80ddbaf12
                                                                      • Instruction Fuzzy Hash: 46219A75F016159FDF40EF69D880BEFBBF5EB48610F008025E906EB291E731D8028BA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3A78 Relevance: .1, Instructions: 78COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3303e941a8cf2619d9c0fabb206734b771a378a9179004fc129918e2ed53e5b7
                                                                      • Instruction ID: 0c5b11c0c19e208cf511b9dc617ba2357692b5cbac5832ffdc3f1baa5af5461b
                                                                      • Opcode Fuzzy Hash: 3303e941a8cf2619d9c0fabb206734b771a378a9179004fc129918e2ed53e5b7
                                                                      • Instruction Fuzzy Hash: 9C217A79F006159FDF50EF69D880AAEBBF5EB48610F108029E906EB395E731DD01CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0109D044 Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2872725947.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_109d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ed19d47e7d738076631afe35ea3c201c3f69a7b40d767ed7b177c8d1803e0d66
                                                                      • Instruction ID: 4329bfd572a777faaa53264ece4e24ba3de8dfca5421f6862b9cbdbd22063bc2
                                                                      • Opcode Fuzzy Hash: ed19d47e7d738076631afe35ea3c201c3f69a7b40d767ed7b177c8d1803e0d66
                                                                      • Instruction Fuzzy Hash: 0E2134B1584204EFCF11DF68C9D4B2ABFA5FB84314F20C6ADE9894B252C73AD446DB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD6CD8 Relevance: .1, Instructions: 68COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bde9c76c8f36916467a3072555730c5ad831970e3ae9e5c5e36c00cc24dcd2f6
                                                                      • Instruction ID: d84c41ac98e1d93a68b879b64439007034f1a11478adefffab8aea4a068f4ba5
                                                                      • Opcode Fuzzy Hash: bde9c76c8f36916467a3072555730c5ad831970e3ae9e5c5e36c00cc24dcd2f6
                                                                      • Instruction Fuzzy Hash: 25217F30B101199FDF94EB69E95079EB7F6EB84354F249425E80AEB384DB35EC428B84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3B88 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84b5f6079bf5ef0717f3cea7bcb24903ba2e3e7fb6edc6ed23f49f3673cfff6f
                                                                      • Instruction ID: 4a5a7b14d78a7f9e07025f88d26780cc4c01d1e75198ecdfbbda780feafb6dff
                                                                      • Opcode Fuzzy Hash: 84b5f6079bf5ef0717f3cea7bcb24903ba2e3e7fb6edc6ed23f49f3673cfff6f
                                                                      • Instruction Fuzzy Hash: 42118B36B105285FDF94A768C814AAF73BAEBC9215F04413AC50AEB384DA659C028B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADA2C0 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: be16205fc1dade55f50b5a50f1ebd045486c3c624ff74d004840603885527cee
                                                                      • Instruction ID: 363bb774e5c184f7b28160d08c8ae2db078acc08215988593cfcaf52ad215c6d
                                                                      • Opcode Fuzzy Hash: be16205fc1dade55f50b5a50f1ebd045486c3c624ff74d004840603885527cee
                                                                      • Instruction Fuzzy Hash: D101B5387055101FCB61F77DE85076B77D6EB8A614F104469E10BCF356DA26DC428791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3021 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 98f2b89ebc5afe8f6e14918d64c64bc347a5d288a1e6e3be5435717ba632f410
                                                                      • Instruction ID: b1b0c92b14a6b1f25bd483f8aa851f37c1f088f0b7391fd6cb633c8dad7b5ad5
                                                                      • Opcode Fuzzy Hash: 98f2b89ebc5afe8f6e14918d64c64bc347a5d288a1e6e3be5435717ba632f410
                                                                      • Instruction Fuzzy Hash: 2511A571E002199FCF64EB75D8405DEF7B5EF89350F1085AAD406E7240DA31CA46CBD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD41C8 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e73250b5e19c991aa27d5cfed08af6d468629e27a3c922b0a579bb9e59d68aa8
                                                                      • Instruction ID: 84f115230208f86d48c7004e9c4ad7a70081654107b31da5276ac99a2ce802a0
                                                                      • Opcode Fuzzy Hash: e73250b5e19c991aa27d5cfed08af6d468629e27a3c922b0a579bb9e59d68aa8
                                                                      • Instruction Fuzzy Hash: 2401B134B045111FDB61A6BDA850B2BB7DADBCEA14F14887AE10BCB395E961DC0343A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3B78 Relevance: .1, Instructions: 57COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cc65168c9184bd448290b989d5846bbc01baae9ab62e5432d29e1a2df638d65a
                                                                      • Instruction ID: 7be8c58015137a4170b7d75be233fbdd700ae856ac31134dfce436a6938b6276
                                                                      • Opcode Fuzzy Hash: cc65168c9184bd448290b989d5846bbc01baae9ab62e5432d29e1a2df638d65a
                                                                      • Instruction Fuzzy Hash: 1901D435B104146BDF54AA69DC11AEF76BFDBC9614F00003AD50ADB284DE619C0247E3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0109D03F Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2872725947.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_109d000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                      • Instruction ID: 025c68aafad10deea26af8cb80e34adeb9dc394be64dd498b9413452dd4b5dda
                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                      • Instruction Fuzzy Hash: 5B110075544240DFCB12CF18C5D4B15BFA1FB84314F24C6A9E8894B252C33AD40ADF61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3848 Relevance: .1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6c6dd7555cdc5e0dafcfba9653479d165203aa627ebc9dd1cb14eb0622fee5b8
                                                                      • Instruction ID: b02afec4e92bbba46419d0720bfc1e5fa4550285a6455908f943b55814d01bd4
                                                                      • Opcode Fuzzy Hash: 6c6dd7555cdc5e0dafcfba9653479d165203aa627ebc9dd1cb14eb0622fee5b8
                                                                      • Instruction Fuzzy Hash: BF11B0B5D01259EFCB00DF9AD884ADEFFB4FB49324F10852AE918A7240D374A954CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD3840 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af97259980b8e12bb0509894035ecd886c2b033a40f2068bfe6a3a0c3b8f7fbf
                                                                      • Instruction ID: e9be79220cbd9fc68fbb85647a36b72d3026b01320ab51ad15c5f1d4f17c75d1
                                                                      • Opcode Fuzzy Hash: af97259980b8e12bb0509894035ecd886c2b033a40f2068bfe6a3a0c3b8f7fbf
                                                                      • Instruction Fuzzy Hash: 5A21FCB5D00659EFCB00DF9AD884ADEFBB4BB08320F10852AE918A7200C374A944CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD41D8 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3182f9614f656463eaa5cfde0b8c8f6d4d964c235cd02532c3f944f4380547d
                                                                      • Instruction ID: 596556e015ab3fdf6ea2f2ac2def4334bf97cf8fa415a2eddec7ee809a5f74f8
                                                                      • Opcode Fuzzy Hash: f3182f9614f656463eaa5cfde0b8c8f6d4d964c235cd02532c3f944f4380547d
                                                                      • Instruction Fuzzy Hash: BF018135B001101BDB64A6AEA85472BB2DAEBCD714F20883AE50FCB344ED75EC4343A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADED49 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4df2ba7c62caf4a330dfb5a1dcc0a4bc46866a8c1961a37d4cb82119ab756403
                                                                      • Instruction ID: f5dce4071e066649551254ab689fe558e5657025981f57233e00669b41f23c61
                                                                      • Opcode Fuzzy Hash: 4df2ba7c62caf4a330dfb5a1dcc0a4bc46866a8c1961a37d4cb82119ab756403
                                                                      • Instruction Fuzzy Hash: 46018F75B005104BCF65EBAC949076F73D6EBC9614F10882AE54BCF344EE21EC138795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADED58 Relevance: .0, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a153dfbc457eed457ababd7198197dccc67847f88cce126f883fc26d1fb876d4
                                                                      • Instruction ID: 155832255286389f15c989a5449c991a43140d35f950322d70abd112acba472f
                                                                      • Opcode Fuzzy Hash: a153dfbc457eed457ababd7198197dccc67847f88cce126f883fc26d1fb876d4
                                                                      • Instruction Fuzzy Hash: 88018C35B001141BDF65A76DA85072F72DAEBCAA10F108839E24BCF340EE65EC034395
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADA2D0 Relevance: .0, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b6c766b47ccb77bdba06b4fac8a0ee7f45a533534d72249f230b0b196ba70da
                                                                      • Instruction ID: 24f40e2b95d460ea9cf582eda50ab212f9a968fedac3e1515c15251c05654cf7
                                                                      • Opcode Fuzzy Hash: 6b6c766b47ccb77bdba06b4fac8a0ee7f45a533534d72249f230b0b196ba70da
                                                                      • Instruction Fuzzy Hash: DD013134B005145FDB61B7BDE85072AB3D6E7C9624F108439E20FCB354DA26EC428795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADC798 Relevance: .0, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 22ee39510a8b4c099e51cd3d4162fcad48001cb54b19e4fd30a25c22b16840d7
                                                                      • Instruction ID: f9a73288d8534c0d766e10c4d2ceb719357a026a556fb987e96b5a019549708c
                                                                      • Opcode Fuzzy Hash: 22ee39510a8b4c099e51cd3d4162fcad48001cb54b19e4fd30a25c22b16840d7
                                                                      • Instruction Fuzzy Hash: 3601A431F102289FCF64AA65E840A9EB7B9FB85724F404539E907EB344DB35AC05CBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD6438 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71cfa7c8742a3b73219ed3b96a972c0426e2343bc540c58dd5e4816afde25d77
                                                                      • Instruction ID: 7888b677f5a643096fbfa521b5d0d41bfdba6e2d5e941ec291dc90a879f91eb2
                                                                      • Opcode Fuzzy Hash: 71cfa7c8742a3b73219ed3b96a972c0426e2343bc540c58dd5e4816afde25d77
                                                                      • Instruction Fuzzy Hash: 99E0D8B1E242086BEF50FFB0DA1578B7BAEDB42218F20C8A1D456DB142E132C9458751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 06AD7660 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2222239885
                                                                      • Opcode ID: 381eef088a3547ba104618f01b58e12430eab8c77f09e59f6240cd02ed64aca0
                                                                      • Instruction ID: f1648290287d2dd883db09815f0dcaee5462302df9d198478b1c220ff72b43b5
                                                                      • Opcode Fuzzy Hash: 381eef088a3547ba104618f01b58e12430eab8c77f09e59f6240cd02ed64aca0
                                                                      • Instruction Fuzzy Hash: DA12FD30E002198FDB68EF65C954A9EB7F2BF84704F2085A9D40AAB354DB31DD86CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADA8F8 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-3823777903
                                                                      • Opcode ID: deea8d39b882513553bd9bbc6e78a931eb93015878a781d57ebaab770c2aef88
                                                                      • Instruction ID: 4180823b0fdf18c23cb011066b2110e6aa81e3f3b63231842c112a7d226e8b6a
                                                                      • Opcode Fuzzy Hash: deea8d39b882513553bd9bbc6e78a931eb93015878a781d57ebaab770c2aef88
                                                                      • Instruction Fuzzy Hash: D7915E30E002099FDB64EFA5DA54BAEB7F2BF84304F108529E5429B298DB759C46CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD7060 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                      • API String ID: 0-390881366
                                                                      • Opcode ID: 22792f899e30b3b9db31ee932cad33428443656dad7fa1b0bbba46206284c5de
                                                                      • Instruction ID: 5df8d641f8ff8ea9621d44df32d5719ac115473ebb759ffbf6d6a5f978eae5fc
                                                                      • Opcode Fuzzy Hash: 22792f899e30b3b9db31ee932cad33428443656dad7fa1b0bbba46206284c5de
                                                                      • Instruction Fuzzy Hash: 44F12B34B00209CFDB59EBA5D594B6EB7F2BF84304F248568D4469B368DB75EC82CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD8398 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2125118731
                                                                      • Opcode ID: 52584b44e40f5839dcf9337ae5becc47e8d89b10cacad42e307534acb3f24145
                                                                      • Instruction ID: 64e80d96bfc713e61403dd356600af5e64eb6072857f6b502ea2f7c33461ed7f
                                                                      • Opcode Fuzzy Hash: 52584b44e40f5839dcf9337ae5becc47e8d89b10cacad42e307534acb3f24145
                                                                      • Instruction Fuzzy Hash: F3B12A30B002099FDB64EB69D594A9EB7F2FF84300F248969D046DB358DB79DC86CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06AD87B0 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LR^q$LR^q$$^q$$^q
                                                                      • API String ID: 0-2454687669
                                                                      • Opcode ID: 8855f21e3f419b6f91570a9fa5b2090ed40216df49225d1924322798c3a81858
                                                                      • Instruction ID: cb8288661a3d356f42178e25ac40926d5933a1cdc9a393b22f2d446a87ee32db
                                                                      • Opcode Fuzzy Hash: 8855f21e3f419b6f91570a9fa5b2090ed40216df49225d1924322798c3a81858
                                                                      • Instruction Fuzzy Hash: 81519E34B002059FDB58EB28C984A6EB7F6FB88704F108968E456DF399DB35EC45CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 06ADAC87 Relevance: 5.2, Strings: 4, Instructions: 162COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.2880318470.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_6ad0000_invoice & packing list.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                      • API String ID: 0-2125118731
                                                                      • Opcode ID: 61cc745dfbfe18fd0551df51a945c4d040aeade519e97108035928c710f5bfc2
                                                                      • Instruction ID: a1d79a74209cb1f7d981ef519a88425a77013c8600e1e291ca54171fc510d639
                                                                      • Opcode Fuzzy Hash: 61cc745dfbfe18fd0551df51a945c4d040aeade519e97108035928c710f5bfc2
                                                                      • Instruction Fuzzy Hash: BD519D34F102058FCF65EB65D584AAEB3F2EB89310F148929E946DB358DB31EC42CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%